[Mesa-dev] [PATCH v3] mesa: take into account indices offset for bounds check

Vadim Girlin vadimgirlin at gmail.com
Wed Oct 12 17:41:42 PDT 2011 

Signed-off-by: Vadim Girlin <vadimgirlin at gmail.com>
---

Sorry, overlooked whitespace issues in v2

 src/mesa/main/api_validate.c |   23 ++++++++++++++++++++---
 1 files changed, 20 insertions(+), 3 deletions(-)

diff --git a/src/mesa/main/api_validate.c b/src/mesa/main/api_validate.c
index 1fcf5cd..901f50f 100644
--- a/src/mesa/main/api_validate.c
+++ b/src/mesa/main/api_validate.c
@@ -52,6 +52,20 @@ index_bytes(GLenum type, GLsizei count)
 
 
 /**
+ * Check that the indices don't lie outside buffer object bounds.
+ */
+static GLboolean
+check_index_buffer_bounds(const GLvoid *offset, GLsizei count, GLenum type,
+                          struct gl_buffer_object *elementBuf)
+{
+   if ((GLbyte*)offset + index_bytes(type, count) > (GLbyte*)elementBuf->Size)
+      return GL_FALSE;
+   else
+      return GL_TRUE;
+}
+
+
+/**
  * Find the max index in the given element/index buffer
  */
 GLuint
@@ -257,7 +271,8 @@ _mesa_validate_DrawElements(struct gl_context *ctx,
    if (_mesa_is_bufferobj(ctx->Array.ElementArrayBufferObj)) {
       /* use indices in the buffer object */
       /* make sure count doesn't go outside buffer bounds */
-      if (index_bytes(type, count) > ctx->Array.ElementArrayBufferObj->Size) {
+      if (!check_index_buffer_bounds(indices, count, type,
+                                     ctx->Array.ElementArrayBufferObj)) {
          _mesa_warning(ctx, "glDrawElements index out of buffer bounds");
          return GL_FALSE;
       }
@@ -318,7 +333,8 @@ _mesa_validate_DrawRangeElements(struct gl_context *ctx, GLenum mode,
    if (_mesa_is_bufferobj(ctx->Array.ElementArrayBufferObj)) {
       /* use indices in the buffer object */
       /* make sure count doesn't go outside buffer bounds */
-      if (index_bytes(type, count) > ctx->Array.ElementArrayBufferObj->Size) {
+      if (!check_index_buffer_bounds(indices, count, type,
+                                     ctx->Array.ElementArrayBufferObj)) {
          _mesa_warning(ctx, "glDrawRangeElements index out of buffer bounds");
          return GL_FALSE;
       }
@@ -457,7 +473,8 @@ _mesa_validate_DrawElementsInstanced(struct gl_context *ctx,
    if (_mesa_is_bufferobj(ctx->Array.ElementArrayBufferObj)) {
       /* use indices in the buffer object */
       /* make sure count doesn't go outside buffer bounds */
-      if (index_bytes(type, count) > ctx->Array.ElementArrayBufferObj->Size) {
+      if (!check_index_buffer_bounds(indices, count, type,
+                                     ctx->Array.ElementArrayBufferObj)) {
          _mesa_warning(ctx,
                        "glDrawElementsInstanced index out of buffer bounds");
          return GL_FALSE;
-- 
1.7.6.4

More information about the mesa-dev mailing list