From e08a04a140eac441c3c50b26e75eaeaaf934debe Mon Sep 17 00:00:00 2001
From: Eric Anholt
Date: Thu, 18 Feb 2021 16:31:00 -0800
Subject: [PATCH] softpipe: Fix the const buffer overflow check. The size is in bytes, pos is a dword index. Fixes these asan failures (not tested in CI since we run a fraction): dEQP-GLES31.functional.shaders.opaque_type_indexing.ubo.const_expression_compute,Crash dEQP-GLES31.functional.shaders.opaque_type_indexing.ubo.const_literal_compute,Crash
Reviewed-by: Adam Jackson
Part-of:
---
 src/gallium/auxiliary/tgsi/tgsi_exec.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/gallium/auxiliary/tgsi/tgsi_exec.c b/src/gallium/auxiliary/tgsi/tgsi_exec.c
index f7ed64121f0..e2ed18d6049 100644
--- a/src/gallium/auxiliary/tgsi/tgsi_exec.c
+++ b/src/gallium/auxiliary/tgsi/tgsi_exec.c
@@ -1461,7 +1461,7 @@ fetch_src_file_channel(const struct tgsi_exec_machine *mach,
 const uint constbuf = index2D->i[i];
 const int pos = index->i[i] * 4 + swizzle;
 /* const buffer bounds check */
- if (pos < 0 || pos >= (int) mach->ConstsSize[constbuf]) {
+ if (pos < 0 || pos >= (int) mach->ConstsSize[constbuf] / 4) {
 if (0) {
 /* Debug: print warning */
 static int count = 0;
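Review bot: The corrected check still tests `pos` only after it has been computed in `int` as `index->i[i] * 4 + swizzle`, so a large enough index overflows the signed multiplication (undefined behaviour) before `pos < 0 || pos >= ...` runs. Computing it in a wider type, e.g. `const int64_t pos = (int64_t) index->i[i] * 4 + swizzle;`, would keep the comparison well defined; how `pos` is used afterwards is outside the hunk, so confirm the type change fits there. `constbuf` also indexes `mach->ConstsSize[]` with no range check visible in these lines; the body of `fetch_src_file_channel` starts and ends outside the hunk, so verify it is validated earlier. Since the original bug was a unit mix-up, the comment could record the units: `/* const buffer bounds check: ConstsSize[] is in bytes, pos counts dwords */`.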