From: Brian Paul <brian.paul@tungstengraphics.com>
Date: Fri, 10 Oct 2008 20:44:52 +0000 (-0600)
Subject: cell: additional 'offset' checking in spe_lqd(), spe_stqd()
X-Git-Tag: android-x86-1.6~16^2~1465^2~496^2~539
X-Git-Url: http://git.osdn.net/view?a=commitdiff_plain;h=f42ef6f39d213b4c6315ba95791c16ca2b1a4b21;p=android-x86%2Fexternal-mesa.git

cell: additional 'offset' checking in spe_lqd(), spe_stqd()
---

diff --git a/src/gallium/auxiliary/rtasm/rtasm_ppc_spe.c b/src/gallium/auxiliary/rtasm/rtasm_ppc_spe.c
index 5b0f6bdd482..d0bacd08a67 100644
--- a/src/gallium/auxiliary/rtasm/rtasm_ppc_spe.c
+++ b/src/gallium/auxiliary/rtasm/rtasm_ppc_spe.c
@@ -552,14 +552,19 @@ spe_comment(struct spe_function *p, int rel_indent, const char *s)
 
 /**
  * Load quad word.
- * NOTE: imm is in bytes and the least significant 4 bits must be zero!
+ * NOTE: offset is in bytes and the least significant 4 bits must be zero!
  */
 void spe_lqd(struct spe_function *p, unsigned rT, unsigned rA, int offset)
 {
    const boolean pSave = p->print;
 
-   p->print = FALSE;
+   /* offset must be a multiple of 16 */
    assert(offset % 16 == 0);
+   /* offset must fit in 10-bit signed int field, after shifting */
+   assert((offset >> 4) <= 511);
+   assert((offset >> 4) >= -512);
+
+   p->print = FALSE;
    emit_RI10(p, 0x034, rT, rA, offset >> 4, "spe_lqd");
    p->print = pSave;
 
@@ -572,14 +577,19 @@ void spe_lqd(struct spe_function *p, unsigned rT, unsigned rA, int offset)
 
 /**
  * Store quad word.
- * NOTE: imm is in bytes and the least significant 4 bits must be zero!
+ * NOTE: offset is in bytes and the least significant 4 bits must be zero!
  */
 void spe_stqd(struct spe_function *p, unsigned rT, unsigned rA, int offset)
 {
    const boolean pSave = p->print;
 
-   p->print = FALSE;
+   /* offset must be a multiple of 16 */
    assert(offset % 16 == 0);
+   /* offset must fit in 10-bit signed int field, after shifting */
+   assert((offset >> 4) <= 511);
+   assert((offset >> 4) >= -512);
+
+   p->print = FALSE;
    emit_RI10(p, 0x024, rT, rA, offset >> 4, "spe_stqd");
    p->print = pSave;