From 9daaa9e44e087de416fb78630b993af30ac67014 Mon Sep 17 00:00:00 2001
From: Asahi Lina
Date: Wed, 15 Feb 2023 17:58:18 +0900
Subject: [PATCH] asahi: Fix shader key cloning overreads

We call agx_get_shader_variant through with casted inner shader key types, so it has to make sure to only copy as much of the union as is actually valid.

Signed-off-by: Asahi Lina
Part-of:
---
 src/gallium/drivers/asahi/agx_state.c | 13 +++++++++++--
 1 file changed, 11 insertions(+), 2 deletions(-)

diff --git a/src/gallium/drivers/asahi/agx_state.c b/src/gallium/drivers/asahi/agx_state.c
index 32a997111b1..37e080c4175 100644
--- a/src/gallium/drivers/asahi/agx_state.c
+++ b/src/gallium/drivers/asahi/agx_state.c
@@ -1452,8 +1452,17 @@ agx_get_shader_variant(struct agx_screen *screen,
 * hash table key. The clone is logically owned by the hash table.
 */
 union asahi_shader_key *cloned_key =
- ralloc(so->variants, union asahi_shader_key);
- memcpy(cloned_key, key, sizeof(union asahi_shader_key));
+ rzalloc(so->variants, union asahi_shader_key);
+
+ if (so->type == PIPE_SHADER_FRAGMENT) {
+ memcpy(cloned_key, key, sizeof(struct asahi_fs_shader_key));
+ } else if (so->type == PIPE_SHADER_VERTEX) {
+ memcpy(cloned_key, key, sizeof(struct asahi_vs_shader_key));
+ } else {
+ assert(gl_shader_stage_is_compute(so->type));
+ /* No key */
+ }
+
 _mesa_hash_table_insert(so->variants, cloned_key, compiled);
 
 return compiled;
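Review bot: The final `else` branch is guarded only by `assert(gl_shader_stage_is_compute(so->type))`, so in a build with assertions compiled out any stage other than fragment or vertex silently inserts an all-zero key into `so->variants`. An `unreachable("unsupported shader stage")` default after an explicit compute check would keep that case loud if more keyed stages are added later. The per-stage `memcpy` sizes also have no comment saying why the copy is narrower than the union; above the `if`, something like `/* key may point at an inner fs/vs key cast to the union: copy only the member valid for this stage, the rzalloc'd tail stays zero */` would record the invariant that currently lives only in the commit message. Presumably the hash and equality callbacks registered for `so->variants` also read only the per-stage struct; that is outside this hunk and worth confirming, because a lookup with the caller's casted `key` would otherwise over-read in the same way. The body of agx_get_shader_variant starts before the hunk and continues after it.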