From f3d27eec52cac63378c0e466db971ae125c813a1 Mon Sep 17 00:00:00 2001 From: Chris Wilson Date: Wed, 24 Sep 2014 16:16:25 +0100 Subject: sna/gen4+: Assert that the offset coordinate is within range if negative Invalid negative offsets could slip into the drawing rectangle without triggering the assertion - the assertion being that they were not greater than the maximum positive coordinate of the 3d engine. Signed-off-by: Chris Wilson --- src/sna/gen4_render.c | 2 +- src/sna/gen5_render.c | 2 +- src/sna/gen6_render.c | 2 +- src/sna/gen7_render.c | 2 +- src/sna/gen8_render.c | 2 +- 5 files changed, 5 insertions(+), 5 deletions(-) diff --git a/src/sna/gen4_render.c b/src/sna/gen4_render.c index 9a6761f6..6c2d3808 100644 --- a/src/sna/gen4_render.c +++ b/src/sna/gen4_render.c @@ -941,7 +941,7 @@ gen4_emit_drawing_rectangle(struct sna *sna, const struct sna_composite_op *op) uint32_t limit = (op->dst.height - 1) << 16 | (op->dst.width - 1); uint32_t offset = (uint16_t)op->dst.y << 16 | (uint16_t)op->dst.x; - assert(!too_large(op->dst.x, op->dst.y)); + assert(!too_large(abs(op->dst.x), abs(op->dst.y))); assert(!too_large(op->dst.width, op->dst.height)); if (sna->render_state.gen4.drawrect_limit == limit && diff --git a/src/sna/gen5_render.c b/src/sna/gen5_render.c index 1ebaef9d..435e6749 100644 --- a/src/sna/gen5_render.c +++ b/src/sna/gen5_render.c @@ -877,7 +877,7 @@ gen5_emit_drawing_rectangle(struct sna *sna, const struct sna_composite_op *op) uint32_t limit = (op->dst.height - 1) << 16 | (op->dst.width - 1); uint32_t offset = (uint16_t)op->dst.y << 16 | (uint16_t)op->dst.x; - assert(!too_large(op->dst.x, op->dst.y)); + assert(!too_large(abs(op->dst.x), abs(op->dst.y))); assert(!too_large(op->dst.width, op->dst.height)); if (!DBG_NO_STATE_CACHE && diff --git a/src/sna/gen6_render.c b/src/sna/gen6_render.c index 86ea1467..5c625efc 100644 --- a/src/sna/gen6_render.c +++ b/src/sna/gen6_render.c @@ -687,7 +687,7 @@ gen6_emit_drawing_rectangle(struct sna *sna, uint32_t limit = (op->dst.height - 1) << 16 | (op->dst.width - 1); uint32_t offset = (uint16_t)op->dst.y << 16 | (uint16_t)op->dst.x; - assert(!too_large(op->dst.x, op->dst.y)); + assert(!too_large(abs(op->dst.x), abs(op->dst.y))); assert(!too_large(op->dst.width, op->dst.height)); if (sna->render_state.gen6.drawrect_limit == limit && diff --git a/src/sna/gen7_render.c b/src/sna/gen7_render.c index 571de6e0..16e666b9 100644 --- a/src/sna/gen7_render.c +++ b/src/sna/gen7_render.c @@ -923,7 +923,7 @@ gen7_emit_drawing_rectangle(struct sna *sna, uint32_t limit = (op->dst.height - 1) << 16 | (op->dst.width - 1); uint32_t offset = (uint16_t)op->dst.y << 16 | (uint16_t)op->dst.x; - assert(!too_large(op->dst.x, op->dst.y)); + assert(!too_large(abs(op->dst.x), abs(op->dst.y))); assert(!too_large(op->dst.width, op->dst.height)); if (sna->render_state.gen7.drawrect_limit == limit && diff --git a/src/sna/gen8_render.c b/src/sna/gen8_render.c index e251315b..6cc7a68b 100644 --- a/src/sna/gen8_render.c +++ b/src/sna/gen8_render.c @@ -989,7 +989,7 @@ gen8_emit_drawing_rectangle(struct sna *sna, uint32_t limit = (op->dst.height - 1) << 16 | (op->dst.width - 1); uint32_t offset = (uint16_t)op->dst.y << 16 | (uint16_t)op->dst.x; - assert(!too_large(op->dst.x, op->dst.y)); + assert(!too_large(abs(op->dst.x), abs(op->dst.y))); assert(!too_large(op->dst.width, op->dst.height)); if (sna->render_state.gen8.drawrect_limit == limit && -- cgit v1.2.3