From da33f9b919039442e9ab51f9b1d1c83a73607133 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marek=20Ol=C5=A1=C3=A1k?= Date: Thu, 2 May 2013 05:08:08 +0200 Subject: [PATCH] r600g: increase array size for shader inputs and outputs and add assertions to prevent buffer overflow. This fixes corruption of the r600_shader struct. NOTE: This is a candidate for the stable branches. --- src/gallium/drivers/r600/r600_shader.c | 2 ++ src/gallium/drivers/r600/r600_shader.h | 4 ++-- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/src/gallium/drivers/r600/r600_shader.c b/src/gallium/drivers/r600/r600_shader.c index 78266c07cea..4416ef0fde2 100644 --- a/src/gallium/drivers/r600/r600_shader.c +++ b/src/gallium/drivers/r600/r600_shader.c @@ -571,6 +571,7 @@ static int tgsi_declaration(struct r600_shader_ctx *ctx) switch (d->Declaration.File) { case TGSI_FILE_INPUT: i = ctx->shader->ninput; + assert(i < Elements(ctx->shader->input)); ctx->shader->ninput += count; ctx->shader->input[i].name = d->Semantic.Name; ctx->shader->input[i].sid = d->Semantic.Index; @@ -602,6 +603,7 @@ static int tgsi_declaration(struct r600_shader_ctx *ctx) break; case TGSI_FILE_OUTPUT: i = ctx->shader->noutput++; + assert(i < Elements(ctx->shader->output)); ctx->shader->output[i].name = d->Semantic.Name; ctx->shader->output[i].sid = d->Semantic.Index; ctx->shader->output[i].gpr = ctx->file_offset[TGSI_FILE_OUTPUT] + d->Range.First; diff --git a/src/gallium/drivers/r600/r600_shader.h b/src/gallium/drivers/r600/r600_shader.h index 411667ae89e..d989ce43649 100644 --- a/src/gallium/drivers/r600/r600_shader.h +++ b/src/gallium/drivers/r600/r600_shader.h @@ -45,8 +45,8 @@ struct r600_shader { unsigned ninput; unsigned noutput; unsigned nlds; - struct r600_shader_io input[32]; - struct r600_shader_io output[32]; + struct r600_shader_io input[40]; + struct r600_shader_io output[40]; boolean uses_kill; boolean fs_write_all; boolean two_side;