We already check that the address is not "too far", but we should also clamp the UBO index in order to avoid looking at the wrong place in the driver cb. This is a pretty rare situation though.
v2: clamp the file index too Signed-off-by: Samuel Pitoiset <samuel.pitoi...@gmail.com> Cc: "12.0" <mesa-sta...@lists.freedesktop.org> --- src/gallium/drivers/nouveau/codegen/nv50_ir_lowering_nvc0.cpp | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/src/gallium/drivers/nouveau/codegen/nv50_ir_lowering_nvc0.cpp b/src/gallium/drivers/nouveau/codegen/nv50_ir_lowering_nvc0.cpp index cb82216..52cb438 100644 --- a/src/gallium/drivers/nouveau/codegen/nv50_ir_lowering_nvc0.cpp +++ b/src/gallium/drivers/nouveau/codegen/nv50_ir_lowering_nvc0.cpp @@ -2183,7 +2183,15 @@ NVC0LoweringPass::handleLDST(Instruction *i) int8_t fileIndex = i->getSrc(0)->reg.fileIndex - 1; Value *ind = i->getIndirect(0, 1); - // TODO: clamp the offset to the maximum number of const buf. + if (ind) { + // Clamp the UBO index when an indirect access is used to avoid + // loading information from the wrong place in the driver cb. + ind = bld.mkOp2v(OP_MIN, TYPE_U32, ind, + bld.mkOp2v(OP_ADD, TYPE_U32, bld.getSSA(), + bld.loadImm(NULL, fileIndex), ind), + bld.loadImm(NULL, 12)); + } + if (i->src(0).isIndirect(1)) { Value *offset = bld.loadImm(NULL, i->getSrc(0)->reg.data.offset + typeSizeof(i->sType)); Value *ptr = loadUboInfo64(ind, fileIndex * 16); -- 2.8.3 _______________________________________________ mesa-dev mailing list mesa-dev@lists.freedesktop.org https://lists.freedesktop.org/mailman/listinfo/mesa-dev
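Review bot: in the added `if (ind)` block the clamp is applied to the sum `fileIndex + ind`, but the unchanged call `loadUboInfo64(ind, fileIndex * 16)` just below still passes `fileIndex * 16` separately. If that helper adds its second argument to the indirect part, the file index is counted twice and the final slot can exceed the limit that was just enforced. Please confirm which is intended: either clamp `ind` alone against the remaining range, or pass a zero base once the index has been folded into `ind`. Two smaller points in the same block: the literal `12` in `bld.loadImm(NULL, 12)` should be a named constant or carry a comment saying which limit it is and whether it is inclusive, and the `OP_MIN` writes its result into the existing `ind` value while the inner `OP_ADD` uses `bld.getSSA()`, so a fresh SSA destination for the MIN would be more consistent. The clamp could also sit inside the existing `if (i->src(0).isIndirect(1))` branch, so that the indirect case is tested in one place.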