From 1a7b7b17ad0afbc53af9fa012880e6600a4399e4 Mon Sep 17 00:00:00 2001
From: Mike Blumenkrantz <michael.blumenkrantz@gmail.com>
Date: Thu, 31 Dec 2020 15:44:32 -0500
Subject: [PATCH] radv: avoid oob read during clear

when clearing a depth/stencil image the passed colorvalue pointer is
smaller than the VkClearValue struct size

Reviewed-by: Samuel Pitoiset <samuel.pitoiset@gmail.com>
Part-of: <https://gitlab.freedesktop.org/mesa/mesa/-/merge_requests/8288>
---
 src/amd/vulkan/radv_meta_clear.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/src/amd/vulkan/radv_meta_clear.c b/src/amd/vulkan/radv_meta_clear.c
index a3724d66126..3ac9aa71e62 100644
--- a/src/amd/vulkan/radv_meta_clear.c
+++ b/src/amd/vulkan/radv_meta_clear.c
@@ -2204,7 +2204,12 @@ radv_cmd_clear_image(struct radv_cmd_buffer *cmd_buffer,
 		     bool cs)
 {
 	VkFormat format = image->vk_format;
-	VkClearValue internal_clear_value = *clear_value;
+	VkClearValue internal_clear_value;
+
+        if (image->aspects & VK_IMAGE_ASPECT_COLOR_BIT)
+                internal_clear_value.color = clear_value->color;
+        else
+                internal_clear_value.depthStencil = clear_value->depthStencil;
 
 	if (format == VK_FORMAT_E5B9G9R9_UFLOAT_PACK32) {
 		uint32_t value;