From 3ef736c94e1c8b168454d320bbabe104dc6667d3 Mon Sep 17 00:00:00 2001
From: Samuel Pitoiset
Date: Wed, 29 Dec 2021 08:28:22 +0100
Subject: [PATCH] aco: fix a dynamic-stack-buffer-overflow when printing instructions
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Detected by ASAN.

Signed-off-by: Samuel Pitoiset
Reviewed-by: Timur Kristóf
Part-of:
---
 src/amd/compiler/aco_print_ir.cpp | 17 +++++++++--------
 1 file changed, 9 insertions(+), 8 deletions(-)

diff --git a/src/amd/compiler/aco_print_ir.cpp b/src/amd/compiler/aco_print_ir.cpp
index d3b24dc0a57..2498a5b1ce8 100644
--- a/src/amd/compiler/aco_print_ir.cpp
+++ b/src/amd/compiler/aco_print_ir.cpp
@@ -658,37 +658,38 @@ aco_print_instr(const Instruction* instr, FILE* output, unsigned flags)
 }
 fprintf(output, "%s", instr_info.name[(int)instr->opcode]);
 if (instr->operands.size()) {
- bool* const abs = (bool*)alloca(instr->operands.size() * sizeof(bool));
- bool* const neg = (bool*)alloca(instr->operands.size() * sizeof(bool));
- bool* const opsel = (bool*)alloca(instr->operands.size() * sizeof(bool));
- for (unsigned i = 0; i < instr->operands.size(); ++i) {
+ const unsigned num_operands = instr->operands.size();
+ bool* const abs = (bool*)alloca(num_operands * sizeof(bool));
+ bool* const neg = (bool*)alloca(num_operands * sizeof(bool));
+ bool* const opsel = (bool*)alloca(num_operands * sizeof(bool));
+ for (unsigned i = 0; i < num_operands; ++i) {
 abs[i] = false;
 neg[i] = false;
 opsel[i] = false;
 }
 if (instr->isVOP3()) {
 const VOP3_instruction& vop3 = instr->vop3();
- for (unsigned i = 0; i < 3; ++i) {
+ for (unsigned i = 0; i < MIN2(num_operands, 3); ++i) {
 abs[i] = vop3.abs[i];
 neg[i] = vop3.neg[i];
 opsel[i] = vop3.opsel & (1 << i);
 }
 } else if (instr->isDPP16()) {
 const DPP16_instruction& dpp = instr->dpp16();
- for (unsigned i = 0; i < 2; ++i) {
+ for (unsigned i = 0; i < MIN2(num_operands, 2); ++i) {
 abs[i] = dpp.abs[i];
 neg[i] = dpp.neg[i];
 opsel[i] = false;
 }
 } else if (instr->isSDWA()) {
 const SDWA_instruction& sdwa = instr->sdwa();
- for (unsigned i = 0; i < 2; ++i) {
+ for (unsigned i = 0; i < MIN2(num_operands, 2); ++i) {
 abs[i] = sdwa.abs[i];
 neg[i] = sdwa.neg[i];
 opsel[i] = false;
 }
 }
- for (unsigned i = 0; i < instr->operands.size(); ++i) {
+ for (unsigned i = 0; i < num_operands; ++i) {
 if (i)
 fprintf(output, ", ");
 else
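Review bot: The literals in `MIN2(num_operands, 3)` and `MIN2(num_operands, 2)` are undocumented stand-ins for the sizes of `vop3.abs`, `dpp.abs` and `sdwa.abs`, which are declared outside this hunk. If the operand count or those array sizes change later, nothing in the code flags that the two bounds must stay in step, and the commit message only says "Detected by ASAN". A comment above the VOP3 branch would record the invariant, e.g. `/* modifier arrays hold 3 (VOP3) or 2 (DPP16/SDWA) entries; an instruction may have fewer operands, so never index past num_operands */`. Separately, the three `alloca` buffers are still sized directly from the operand count; since at most three entries can ever be non-false, fixed `bool abs[3] = {}`-style arrays with an `i < 3` guard in the printing loop would presumably remove the dynamic stack allocation and the init loop, though that loop's body continues outside the hunk. aco_print_instr itself starts and ends outside the hunk.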