util/primconvert: Avoid OoB with improbable draws

Detect when the temporary index buffer cannot be generated due to too
large primitive count, and simply drop the draw on the floor.

Fixes a webgl reachable asan/crash.

Cc: mesa-stable
Closes: https://gitlab.freedesktop.org/mesa/mesa/-/issues/12092
Signed-off-by: Rob Clark <robdclark@chromium.org>
Reviewed-by: Alyssa Rosenzweig <alyssa@rosenzweig.io>
Reviewed-By: Mike Blumenkrantz <michael.blumenkrantz@gmail.com>
Part-of: <https://gitlab.freedesktop.org/mesa/mesa/-/merge_requests/31914>
(cherry picked from commit 98ff271c5a)

.pick_status.json

@@ -454,7 +454,7 @@
         "description": "util/primconvert: Avoid OoB with improbable draws",
         "nominated": true,
         "nomination_type": 0,
-        "resolution": 0,
+        "resolution": 1,
         "main_sha": null,
         "because_sha": null,
         "notes": null

src/gallium/auxiliary/indices/u_primconvert.c

@@ -221,8 +221,13 @@ primconvert_init_draw(struct primconvert_context *pc,
    }
 
    /* (step 5: allocate gpu memory sized for the FINAL index count) */
-   u_upload_alloc(pc->pipe->stream_uploader, 0, new_info->index_size * new_draw->count, 4,
+   uint64_t new_size = (uint64_t)new_info->index_size * new_draw->count;
+   if (new_size > UINT_MAX)
+      return false;
+   u_upload_alloc(pc->pipe->stream_uploader, 0, new_size, 4,
                   &ib_offset, &new_info->index.resource, &dst);
+   if (!dst)
+      return false;
    new_draw->start = ib_offset / new_info->index_size;
    new_draw->index_bias = info->index_size ? draw.index_bias : 0;