[Mesa-dev] [PATCH v2] mesa: take into account indices offset for bounds check

Vadim Girlin vadimgirlin at gmail.com
Wed Oct 12 15:54:10 PDT 2011 

Signed-off-by: Vadim Girlin <vadimgirlin at gmail.com>
---

v2: using helper function 

 src/mesa/main/api_validate.c |   21 ++++++++++++++++++---
 1 files changed, 18 insertions(+), 3 deletions(-)

diff --git a/src/mesa/main/api_validate.c b/src/mesa/main/api_validate.c
index 1fcf5cd..432fd08 100644
--- a/src/mesa/main/api_validate.c
+++ b/src/mesa/main/api_validate.c
@@ -50,6 +50,18 @@ index_bytes(GLenum type, GLsizei count)
    }
 }
 
+/**
+ * Check that the indices don't lie outside buffer object bounds.
+ */
+static GLboolean
+check_index_buffer_bounds(const GLvoid *offset, GLsizei count, GLenum type,
+                          struct gl_buffer_object *elementBuf)
+{
+   if ((GLbyte*)offset + index_bytes(type, count) > (GLbyte*)elementBuf->Size)
+      return GL_FALSE;
+   else
+      return GL_TRUE;
+}
 
 /**
  * Find the max index in the given element/index buffer
@@ -257,7 +269,8 @@ _mesa_validate_DrawElements(struct gl_context *ctx,
    if (_mesa_is_bufferobj(ctx->Array.ElementArrayBufferObj)) {
       /* use indices in the buffer object */
       /* make sure count doesn't go outside buffer bounds */
-      if (index_bytes(type, count) > ctx->Array.ElementArrayBufferObj->Size) {
+      if (!check_index_buffer_bounds(indices, count, type,
+                                    ctx->Array.ElementArrayBufferObj)) {
          _mesa_warning(ctx, "glDrawElements index out of buffer bounds");
          return GL_FALSE;
       }
@@ -318,7 +331,8 @@ _mesa_validate_DrawRangeElements(struct gl_context *ctx, GLenum mode,
    if (_mesa_is_bufferobj(ctx->Array.ElementArrayBufferObj)) {
       /* use indices in the buffer object */
       /* make sure count doesn't go outside buffer bounds */
-      if (index_bytes(type, count) > ctx->Array.ElementArrayBufferObj->Size) {
+      if (!check_index_buffer_bounds(indices, count, type,
+                                    ctx->Array.ElementArrayBufferObj)) {
          _mesa_warning(ctx, "glDrawRangeElements index out of buffer bounds");
          return GL_FALSE;
       }
@@ -457,7 +471,8 @@ _mesa_validate_DrawElementsInstanced(struct gl_context *ctx,
    if (_mesa_is_bufferobj(ctx->Array.ElementArrayBufferObj)) {
       /* use indices in the buffer object */
       /* make sure count doesn't go outside buffer bounds */
-      if (index_bytes(type, count) > ctx->Array.ElementArrayBufferObj->Size) {
+      if (!check_index_buffer_bounds(indices, count, type,
+                                    ctx->Array.ElementArrayBufferObj)) {
          _mesa_warning(ctx,
                        "glDrawElementsInstanced index out of buffer bounds");
          return GL_FALSE;
-- 
1.7.6.4

More information about the mesa-dev mailing list