From 011cacd9826eae88d6c128ffde6023c9c5f1678d Mon Sep 17 00:00:00 2001
From: Mark Collins
Date: Mon, 18 Mar 2024 11:01:23 +0000
Subject: [PATCH] fd/replay: Clamp dumped wrbuf to buffer size

We should be careful to not read past the end of any buffers when dumping wrbufs, this clamps the size to the size of the buffer with a warning.

Signed-off-by: Mark Collins
Part-of:
---
 src/freedreno/decode/replay.c | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

diff --git a/src/freedreno/decode/replay.c b/src/freedreno/decode/replay.c
index f4974016187..5390d698b55 100644
--- a/src/freedreno/decode/replay.c
+++ b/src/freedreno/decode/replay.c
@@ -384,8 +384,16 @@ device_dump_wrbuf(struct device *dev)
 fprintf(stderr, "Error getting buffer for %s\n", buffer_path);
 goto end_it;
 }
- const void *buffer = buf->map + (wrbuf->iova - buf->iova);
- fwrite(buffer, wrbuf->size, 1, f);
+
+ uint64_t offset = wrbuf->iova - buf->iova;
+ uint64_t size = MIN2(wrbuf->size, buf->size - offset);
+ if (size != wrbuf->size) {
+ fprintf(stderr, "Warning: Clamping buffer %s as it's smaller than expected (0x%lx < 0x%lx)\n", wrbuf->name, size, wrbuf->size);
+ }
+
+ printf("Dumping %s (0x%lx - 0x%lx)\n", wrbuf->name, wrbuf->iova, wrbuf->iova + size);
+
+ fwrite(buf->map + offset, size, 1, f);

 end_it:
 fclose(f);
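Review bot: The clamp `MIN2(wrbuf->size, buf->size - offset)` only holds while `offset <= buf->size`; if `wrbuf->iova` lies below `buf->iova` or past the end of the mapping, the unsigned subtraction wraps, MIN2 keeps `wrbuf->size`, and `fwrite(buf->map + offset, ...)` still reads outside the buffer. The lookup that produces `buf` is outside the hunk and may already guarantee containment, but the iova and size presumably come from the capture being replayed, so an explicit guard before computing `size` is cheap: `if (offset > buf->size) { fprintf(stderr, "wrbuf %s lies outside its buffer\n", wrbuf->name); goto end_it; }`. Separately, `size` is a `uint64_t` printed with `%lx`, which is a mismatch wherever `long` is 32 bits; `"0x%" PRIx64` from `<inttypes.h>` is the portable form, and likely applies to the other arguments too if they are 64-bit. device_dump_wrbuf begins and ends outside the hunk.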