anv: fix potential integer overflows

In all cases both variables have a type of uint32_t, so multiplying
them will also generate uint32_t. The results of those multiplications
are used as uint64_t's, so Coverity thinks there might be integer
overflows here.
I don't think it's possible to hit them (query BOs should be relatively
small), but let's avoid those overflows.

CID: 1472820
CID: 1472821
CID: 1472822
CID: 1472824
CID: 1475934
CID: 1475927

Signed-off-by: Marcin Ślusarz <marcin.slusarz@intel.com>
Reviewed-by: Jason Ekstrand <jason@jlekstrand.net>
Part-of: <https://gitlab.freedesktop.org/mesa/mesa/-/merge_requests/11574>
Marcin Ślusarz
2021-06-24 12:20:33 +02:00
committed by Marge Bot
parent 365c7cc87c
commit d19cf7d572


@@ -204,7 +204,7 @@ VkResult genX(CreateQueryPool)(
if (pdevice->has_exec_async)
bo_flags |= EXEC_OBJECT_ASYNC;
uint64_t size = pool->slots * pool->stride;
uint64_t size = pool->slots * (uint64_t)pool->stride;
result = anv_device_alloc_bo(device, "query-pool", size,
ANV_BO_ALLOC_MAPPED |
ANV_BO_ALLOC_SNOOPED,
@@ -225,7 +225,7 @@ VkResult genX(CreateQueryPool)(
mi_builder_init(&b, &device->info, &batch);
mi_store(&b, mi_reg64(ANV_PERF_QUERY_OFFSET_REG),
mi_imm(p * pool->pass_size));
mi_imm(p * (uint64_t)pool->pass_size));
anv_batch_emit(&batch, GENX(MI_BATCH_BUFFER_END), bbe);
}
}
@@ -304,13 +304,13 @@ void genX(DestroyQueryPool)(
static uint64_t
khr_perf_query_availability_offset(struct anv_query_pool *pool, uint32_t query, uint32_t pass)
{
return query * (pool->stride) + pass * pool->pass_size;
return query * (uint64_t)pool->stride + pass * (uint64_t)pool->pass_size;
}
static uint64_t
khr_perf_query_data_offset(struct anv_query_pool *pool, uint32_t query, uint32_t pass, bool end)
{
return query * (pool->stride) + pass * pool->pass_size +
return query * (uint64_t)pool->stride + pass * (uint64_t)pool->pass_size +
pool->data_offset + (end ? pool->snapshot_size : 0);
}