From f9e7b9568b0b84e6b8bfe5d44413180b58a00048 Mon Sep 17 00:00:00 2001
From: Tanner Van De Walle <tvandewalle@microsoft.com>
Date: Fri, 8 May 2026 15:36:13 -0700
Subject: [PATCH] util/format: add lower-bound assert on format

The generated util_format_description(),
util_format_pack_description(), and
util_format_unpack_description_generic() helpers assert
format < PIPE_FORMAT_COUNT but not format >= 0. MSVC's prefast
static analyzer reports C33010 (UNCHECKED_LOWER_BOUND_FOR_ENUMINDEX)
on the subsequent array subscript, since it cannot prove the
non-negative side of the bound. Extending the existing assert in
the generator silences the warning across all three accessors.

Reviewed-by: Jesse Natalie <jenatali@microsoft.com>
Part-of: <https://gitlab.freedesktop.org/mesa/mesa/-/merge_requests/41447>
---
 src/util/format/u_format_table.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/util/format/u_format_table.py b/src/util/format/u_format_table.py
index 8cb52696eb3..545ce795fa3 100644
--- a/src/util/format/u_format_table.py
+++ b/src/util/format/u_format_table.py
@@ -597,7 +597,7 @@ def write_format_table(formats):
         print("ATTRIBUTE_RETURNS_NONNULL const struct util_format_%sdescription *" % type)
         print("util_format_%sdescription%s(enum pipe_format format)" % (type, suffix))
         print("{")
-        print("   assert(format < PIPE_FORMAT_COUNT);")
+        print("   assert(format >= 0 && format < PIPE_FORMAT_COUNT);")
         print("   return &util_format_%sdescriptions[format];" % (type))
         print("}")
         print()