From 9aeaf9925984eaa3e01ec51eaf3abf04f38186ea Mon Sep 17 00:00:00 2001
From: Alyssa Rosenzweig <alyssa@rosenzweig.io>
Date: Sat, 27 Jan 2024 16:51:26 -0400
Subject: [PATCH] agx: fix buffer overflow with varying slots

Signed-off-by: Alyssa Rosenzweig <alyssa@rosenzweig.io>
Part-of: <https://gitlab.freedesktop.org/mesa/mesa/-/merge_requests/27616>
---
 src/asahi/compiler/agx_compile.c | 3 +++
 src/asahi/compiler/agx_compile.h | 8 +++-----
 2 files changed, 6 insertions(+), 5 deletions(-)

diff --git a/src/asahi/compiler/agx_compile.c b/src/asahi/compiler/agx_compile.c
index d99d09678ae..f35bc7535d1 100644
--- a/src/asahi/compiler/agx_compile.c
+++ b/src/asahi/compiler/agx_compile.c
@@ -2543,6 +2543,7 @@ agx_remap_varyings_vs(nir_shader *nir, struct agx_varyings_vs *varyings,
       if (loc == VARYING_SLOT_POS || loc == VARYING_SLOT_PSIZ)
          continue;
 
+      assert(loc < ARRAY_SIZE(varyings->slots));
       varyings->slots[loc] = base;
       base += 4;
       varyings->num_32_smooth += 4;
@@ -2554,6 +2555,7 @@ agx_remap_varyings_vs(nir_shader *nir, struct agx_varyings_vs *varyings,
       if (loc == VARYING_SLOT_POS || loc == VARYING_SLOT_PSIZ)
          continue;
 
+      assert(loc < ARRAY_SIZE(varyings->slots));
       varyings->slots[loc] = base;
       base += 4;
       varyings->num_32_flat += 4;
@@ -2565,6 +2567,7 @@ agx_remap_varyings_vs(nir_shader *nir, struct agx_varyings_vs *varyings,
       if (loc == VARYING_SLOT_POS || loc == VARYING_SLOT_PSIZ)
          continue;
 
+      assert(loc < ARRAY_SIZE(varyings->slots));
       varyings->slots[loc] = base;
       base += 4;
       varyings->num_32_linear += 4;
diff --git a/src/asahi/compiler/agx_compile.h b/src/asahi/compiler/agx_compile.h
index ca7302b8120..fae10dba8f8 100644
--- a/src/asahi/compiler/agx_compile.h
+++ b/src/asahi/compiler/agx_compile.h
@@ -8,9 +8,7 @@
 
 #include "compiler/nir/nir.h"
 #include "util/u_dynarray.h"
-
-/* 32 user varyings + some system values */
-#define AGX_MAX_VARYING_SLOTS (48)
+#include "shader_enums.h"
 
 struct agx_varyings_vs {
    /* The number of user varyings of each type. The varyings must be allocated
@@ -42,7 +40,7 @@ struct agx_varyings_vs {
     *
     * If the slot is not written, this must be ~0.
     */
-   unsigned slots[AGX_MAX_VARYING_SLOTS];
+   unsigned slots[VARYING_SLOT_MAX];
 
    /* Slot for the combined layer/viewport 32-bit sysval output, or ~0 if none
     * is written. What's at slots[VARYING_SLOT_LAYER] is the varying output.
@@ -53,7 +51,7 @@ struct agx_varyings_vs {
 /* Conservative bound, * 4 due to offsets (TODO: maybe worth eliminating
  * coefficient register aliasing?)
  */
-#define AGX_MAX_CF_BINDINGS (AGX_MAX_VARYING_SLOTS * 4)
+#define AGX_MAX_CF_BINDINGS (VARYING_SLOT_MAX * 4)
 
 struct agx_varyings_fs {
    /* Number of coefficient registers used */