Mesa (7.11): r600g: fix buffer overflow check in r600_query_begin

Alex Deucher agd5f at kemper.freedesktop.org
Tue Jul 5 20:19:59 UTC 2011


Module: Mesa
Branch: 7.11
Commit: 1ae00c5960af83bea9545a18a1754bad83d5cbd0
URL:    http://cgit.freedesktop.org/mesa/mesa/commit/?id=1ae00c5960af83bea9545a18a1754bad83d5cbd0

Author: Vadim Girlin <vadimgirlin at gmail.com>
Date:   Mon Jul  4 18:30:42 2011 +0400

r600g: fix buffer overflow check in r600_query_begin

---

 src/gallium/winsys/r600/drm/r600_hw_context.c |    7 +++++--
 1 files changed, 5 insertions(+), 2 deletions(-)

diff --git a/src/gallium/winsys/r600/drm/r600_hw_context.c b/src/gallium/winsys/r600/drm/r600_hw_context.c
index 81e26f6..633cd35 100644
--- a/src/gallium/winsys/r600/drm/r600_hw_context.c
+++ b/src/gallium/winsys/r600/drm/r600_hw_context.c
@@ -1725,7 +1725,7 @@ static boolean r600_query_result(struct r600_context *ctx, struct r600_query *qu
 
 void r600_query_begin(struct r600_context *ctx, struct r600_query *query)
 {
-	unsigned required_space;
+	unsigned required_space, required_buffer;
 	int num_backends = r600_get_num_backends(ctx->radeon);
 
 	/* query request needs 6/8 dwords for begin + 6/8 dwords for end */
@@ -1739,8 +1739,11 @@ void r600_query_begin(struct r600_context *ctx, struct r600_query *query)
 		r600_context_flush(ctx);
 	}
 
+	required_buffer = query->num_results +
+		4 * (query->type == PIPE_QUERY_OCCLUSION_COUNTER ? ctx->max_db : 1);
+
 	/* if query buffer is full force a flush */
-	if (query->num_results*4 >= query->buffer_size - 16) {
+	if (required_buffer*4 > query->buffer_size) {
 		if (!(query->state & R600_QUERY_STATE_FLUSHED))
 			r600_context_flush(ctx);
 		r600_query_result(ctx, query, TRUE);
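Review bot: The new bound uses two unrelated factors of 4 with no explanation, `4 * (... ? ctx->max_db : 1)` when computing `required_buffer` and `required_buffer*4` in the comparison, and the retained comment "if query buffer is full force a flush" no longer matches the condition, which now fires when the next result would not fit. This test is what keeps result writes inside the query buffer, so the units should be spelled out; presumably the first 4 is dwords per result slot and the second is bytes per dword, which should be confirmed against the code that writes the results. I would replace the comment with `/* required_buffer is in dwords; flush and read back if the next result would end past buffer_size bytes */`. The hunk does not show whether `r600_query_result()` resets `num_results`, so it is worth confirming that one result set for `ctx->max_db` backends always fits in an empty buffer. The body of r600_query_begin continues outside the hunk.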



