virgl: Fix buffer overflow warning and undefined bahaviour (!18231) · Merge requests · Mesa / mesa

Gert Wollny requested to merge gerddie/mesa:virgl-fix-overflow into main Aug 24, 2022

Warning:

./src/gallium/winsys/virgl/drm/virgl_drm_winsys.c: In function ‘virgl_drm_winsys_resource_set_type’:
../src/gallium/winsys/virgl/drm/virgl_drm_winsys.c:607:10: warning: array subscript 14 is above array bounds of ‘uint32_t[14]’ {aka ‘unsigned int[14]’} [-Warray-bounds]
  607 |       cmd[VIRGL_PIPE_RES_SET_TYPE_PLANE_OFFSET(i)] = plane_offsets[i];
      |       ~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
../src/gallium/winsys/virgl/drm/virgl_drm_winsys.c:582:13: note: while referencing ‘cmd’
  582 |    uint32_t cmd[VIRGL_PIPE_RES_SET_TYPE_SIZE(VIRGL_MAX_PLANE_COUNT)];
      |             ^~~

ubsan:

virgl_screen.c:313:55: runtime error: left shift of 1 by 31 places cannot be represented in type 'int'
virgl_screen.c:682:27: runtime error: left shift of 1 by 31 places cannot be represented in type 'int'
virgl_encode.c:481:7: runtime error: left shift of 1 by 31 places cannot be represented in type 'int'

virgl: Fix buffer overflow warning and undefined bahaviour

Merge request reports