From 007a440a33d49e12909d3cf7ca8ee4f6783830fa Mon Sep 17 00:00:00 2001
From: Alyssa Rosenzweig
Date: Sun, 18 Feb 2024 08:42:57 -0400
Subject: [PATCH] asahi/lib: fix overread with stateful
Signed-off-by: Alyssa Rosenzweig
Part-of:
---
 src/asahi/lib/decode.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/src/asahi/lib/decode.c b/src/asahi/lib/decode.c
index d8eba3bbb95..c65a0a0f345 100644
--- src/asahi/lib/decode.c
+++ b/src/asahi/lib/decode.c
@@ -301,17 +301,19 @@ agxdecode_stateful(uint64_t va, const char *label, decode_cmd decoder,
 unsigned sp = 0;
 uint8_t buf[1024];
+ size_t size = sizeof(buf);
 if (!lib_config.read_gpu_mem) {
 struct agx_bo *alloc = agxdecode_find_mapped_gpu_mem_containing(va);
 assert(alloc != NULL && "nonexistent object");
 fprintf(agxdecode_dump_stream, "%s (%" PRIx64 ", handle %u)\n", label, va, alloc->handle);
+ size = MIN2(size, alloc->size - (va - alloc->ptr.gpu));
 } else {
 fprintf(agxdecode_dump_stream, "%s (%" PRIx64 ")\n", label, va);
 }
 fflush(agxdecode_dump_stream);
- int len = agxdecode_fetch_gpu_array(va, buf);
+ int len = agxdecode_fetch_gpu_mem(va, size, buf);
 int left = len;
 uint8_t *map = buf;
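Review bot: The new clamp `size = MIN2(size, alloc->size - (va - alloc->ptr.gpu));` is only as good as the guarantee that `va` lies inside `alloc`, and the only guard in the hunk is `assert(alloc != NULL && ...)`, which compiles out under NDEBUG. The subtraction looks unsigned, so if the lookup ever returns a BO that does not strictly contain `va`, the remainder wraps to a huge value and `MIN2` silently falls back to the full `sizeof(buf)`, bringing the overread back; an exact end-of-object `va` would instead yield `size == 0`. Since the decoder walks command-stream contents that may be corrupt, I would make the precondition a runtime check that bails out before the fetch, along the lines of `if (!alloc || va - alloc->ptr.gpu >= alloc->size)`, and add a short comment such as `/* Clamp to the bytes remaining in the BO so the fetch never runs past its mapping */` above the clamp. The `else` branch still requests the full 1024 bytes through the `read_gpu_mem` path; whether that callback bounds the read is not visible here. The body of `agxdecode_stateful` starts and ends outside the hunk, so how `len` is consumed afterwards cannot be checked from this diff.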