summaryrefslogtreecommitdiffstats
path: root/src/gallium/drivers/r600/sb
diff options
context:
space:
mode:
authorGlenn Kennard <[email protected]>2015-08-27 19:04:16 +0200
committerEmil Velikov <[email protected]>2015-08-31 13:16:22 +0100
commit9db5c2ca2ea8f4172611337db1cc81f19aab443e (patch)
tree3e514bc941e5ac13715f5f5f20969170120bfa4e /src/gallium/drivers/r600/sb
parent08c41221d7102106d0b70a6399e2270919458077 (diff)
r600g/sb: Don't read junk after EOP
Shaders that contain instruction data after an instruction with EOP could end up parsing that as an instruction, leading to various crashes and asserts in SB as it gets very confused if it sees for instance a loop start instruction jumping off to some random point. Add a couple of asserts, and print EOP bit if set in old asm printer. Signed-off-by: Glenn Kennard <[email protected]> Cc: <[email protected]> Signed-off-by: Dave Airlie <[email protected]> (cherry picked from commit a830225adbb77073272961df409885cca6b861ee)
Diffstat (limited to 'src/gallium/drivers/r600/sb')
-rw-r--r--src/gallium/drivers/r600/sb/sb_bc_decoder.cpp1
-rw-r--r--src/gallium/drivers/r600/sb/sb_bc_parser.cpp4
2 files changed, 4 insertions, 1 deletions
diff --git a/src/gallium/drivers/r600/sb/sb_bc_decoder.cpp b/src/gallium/drivers/r600/sb/sb_bc_decoder.cpp
index 5e233f982ea..5fe8f50aa4c 100644
--- a/src/gallium/drivers/r600/sb/sb_bc_decoder.cpp
+++ b/src/gallium/drivers/r600/sb/sb_bc_decoder.cpp
@@ -32,6 +32,7 @@ int bc_decoder::decode_cf(unsigned &i, bc_cf& bc) {
int r = 0;
uint32_t dw0 = dw[i];
uint32_t dw1 = dw[i+1];
+ assert(i+1 <= ndw);
if ((dw1 >> 29) & 1) { // CF_ALU
return decode_cf_alu(i, bc);
diff --git a/src/gallium/drivers/r600/sb/sb_bc_parser.cpp b/src/gallium/drivers/r600/sb/sb_bc_parser.cpp
index 4879c036f9f..748aae29eeb 100644
--- a/src/gallium/drivers/r600/sb/sb_bc_parser.cpp
+++ b/src/gallium/drivers/r600/sb/sb_bc_parser.cpp
@@ -95,7 +95,7 @@ int bc_parser::decode_shader() {
if ((r = decode_cf(i, eop)))
return r;
- } while (!eop || (i >> 1) <= max_cf);
+ } while (!eop || (i >> 1) < max_cf);
return 0;
}
@@ -769,6 +769,7 @@ int bc_parser::prepare_ir() {
}
int bc_parser::prepare_loop(cf_node* c) {
+ assert(c->bc.addr-1 < cf_map.size());
cf_node *end = cf_map[c->bc.addr - 1];
assert(end->bc.op == CF_OP_LOOP_END);
@@ -788,6 +789,7 @@ int bc_parser::prepare_loop(cf_node* c) {
}
int bc_parser::prepare_if(cf_node* c) {
+ assert(c->bc.addr-1 < cf_map.size());
cf_node *c_else = NULL, *end = cf_map[c->bc.addr];
BCP_DUMP(