mesa/main: fix stack overflow related to the new mipmap code
What does this MR do and why?
mesa/main: fix stack overflow related to the new mipmap code
Indeed, the access to the array is done with a 4x multiplier.
The size of the array should be calculated accordingly.
For instance, this issue is triggered on radeonsi with
"piglit/bin/arb_direct_state_access-gettextureimage-formats -auto -fbo":
==3419==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7ffc31f804b0 at pc 0x7fac7ef81b2d bp 0x7ffc31f803d0 sp 0x7ffc31f803c8
WRITE of size 1 at 0x7ffc31f804b0 thread T0
#0 0x7fac7ef81b2c in do_span_rgba_unorm8 ../src/mesa/main/mipmap.c:160
#1 0x7fac7ef83549 in do_row ../src/mesa/main/mipmap.c:258
#2 0x7fac7ef83986 in make_2d_mipmap ../src/mesa/main/mipmap.c:371
#3 0x7fac7ef8670b in generate_mipmap_compressed ../src/mesa/main/mipmap.c:1062
#4 0x7fac7ef8670b in _mesa_generate_mipmap ../src/mesa/main/mipmap.c:1119
#5 0x7fac7e5472aa in check_gen_mipmap ../src/mesa/main/teximage.c:2910
#6 0x7fac7e5472aa in check_gen_mipmap ../src/mesa/main/teximage.c:2904
#7 0x7fac7e5472aa in teximage ../src/mesa/main/teximage.c:3315
#8 0x7fac7e5472aa in teximage_err ../src/mesa/main/teximage.c:3342
#9 0x7fac7e550cfa in _mesa_TexImage2D ../src/mesa/main/teximage.c:3413
Address 0x7ffc31f804b0 is located in stack of thread T0 at offset 96 in frame
#0 0x7fac7ef814ff in do_span_rgba_unorm8 ../src/mesa/main/mipmap.c:132
This frame has 3 object(s):
[32, 96) 'result' (line 145) <== Memory access at offset 96 overflows this variable
[128, 384) 'rowA' (line 144)
[448, 704) 'rowB' (line 144)
Fixes: dd8fb7139df ("mesa/main: rewrite mipmap generation code")
Signed-off-by: Patrick Lerda <patrick9876@free.fr>