From 5f7810dcb2b1eed0a1920e5f3a0339a09031a895 Mon Sep 17 00:00:00 2001
From: Tony Wasserka <tony.wasserka@gmx.de>
Date: Mon, 14 Sep 2020 19:39:43 +0200
Subject: [PATCH] aco/isel: Fix out-of-bounds write in visit_load_input

Shaders may read out components past the attributes provided by the
application, so the read mask can indicate a larger component count than
were actually reserved in the array.

Reviewed-by: Rhys Perry <pendingchaos02@gmail.com>
Part-of: <https://gitlab.freedesktop.org/mesa/mesa/-/merge_requests/6728>
---
 src/amd/compiler/aco_instruction_selection.cpp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/amd/compiler/aco_instruction_selection.cpp b/src/amd/compiler/aco_instruction_selection.cpp
index cdb2bc4eebe..194e142fdf5 100644
--- a/src/amd/compiler/aco_instruction_selection.cpp
+++ b/src/amd/compiler/aco_instruction_selection.cpp
@@ -4568,7 +4568,7 @@ void visit_load_input(isel_context *ctx, nir_intrinsic_instr *instr)
       /* skip unused channels at the start */
       if (vtx_info->chan_byte_size && !post_shuffle) {
          channel_start = ffs(mask) - 1;
-         for (unsigned i = 0; i < channel_start; i++)
+         for (unsigned i = 0; i < MIN2(channel_start, num_channels); i++)
             channels[i] = Temp(0, s1);
       } else if (vtx_info->chan_byte_size && post_shuffle && !(mask & 0x8)) {
          num_channels = 3 - (ffs(mask) - 1);