From d1e565a8ebf4eb06bd3047b403a27f94d22c7062 Mon Sep 17 00:00:00 2001
From: Faith Ekstrand
Date: Wed, 3 May 2023 09:46:55 -0500
Subject: [PATCH] nouveau/nir: image_samples/size don't have coordinates

Without this, it treats the src[1] as a coordinate (it's actually LOD) and may try to read more than one component. I don't think this usually hurts anything as the coordinate should get ignored later but it can result in OOB memory reads while translating NIR.

Reviewed-by: Karol Herbst
Part-of:
---
 src/nouveau/codegen/nv50_ir_from_nir.cpp | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/src/nouveau/codegen/nv50_ir_from_nir.cpp b/src/nouveau/codegen/nv50_ir_from_nir.cpp
index 0d492dd..8d274a5 100644
--- a/src/nouveau/codegen/nv50_ir_from_nir.cpp
+++ b/src/nouveau/codegen/nv50_ir_from_nir.cpp
@@ -2301,6 +2301,7 @@ Converter::visit(nir_intrinsic_instr *insn)
 mask = 0x8;
 FALLTHROUGH;
 case nir_intrinsic_image_samples:
+ argCount = 0; /* No coordinates */
 ty = TYPE_U32;
 bindless = op == nir_intrinsic_bindless_image_samples;
 mask = 0x8;
@@ -2308,6 +2309,7 @@ Converter::visit(nir_intrinsic_instr *insn)
 case nir_intrinsic_bindless_image_size:
 case nir_intrinsic_image_size:
 assert(nir_src_as_uint(insn->src[1]) == 0);
+ argCount = 0; /* No coordinates */
 ty = TYPE_U32;
 bindless = op == nir_intrinsic_bindless_image_size;
 break;
--
2.7.4
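Review bot: The comment `/* No coordinates */` added under `case nir_intrinsic_image_samples:` (and again under `case nir_intrinsic_image_size:` in the second hunk) says what is reset but not why, and the why is the memory-safety reason given in the commit message. Since a stale non-zero `argCount` makes the translator read source components that are not coordinates, I would record that at the reset, e.g. `argCount = 0; /* No coordinates: a non-zero count would read src[1] as a coordinate vector */`. Where `argCount` gets its initial value is outside the hunk, so it is worth checking whether any other coordinate-less image intrinsic handled by this switch inherits the same stale count. The body of Converter::visit starts and ends outside the hunk.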
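Review bot: With `argCount = 0` in the `nir_intrinsic_image_size` case, the LOD in `src[1]` is no longer consumed anywhere in the visible lines, so `assert(nir_src_as_uint(insn->src[1]) == 0);` is the only check on it, and it compiles away in release builds. Whether a non-zero LOD can reach this case is not determinable from the hunk; if an earlier lowering pass guarantees it cannot, a comment naming that invariant next to the assert would help, e.g. `/* LOD is required to be constant 0 here; only verified in debug builds */`. If there is no such guarantee, a release build would silently report the level-0 size, and an explicit error path would be safer than the assert alone. The enclosing switch in Converter::visit continues outside the hunk.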