Mesa (master): draw: fix crashes with out-of-bounds indices
Jose Fonseca
jrfonseca at kemper.freedesktop.org
Thu Nov 15 17:38:50 UTC 2012
Module: Mesa
Branch: master
Commit: 94f9ea03a12fe1adf90c0e5defb0063cd568b537
URL: http://cgit.freedesktop.org/mesa/mesa/commit/?id=94f9ea03a12fe1adf90c0e5defb0063cd568b537
Author: Roland Scheidegger <sroland at vmware.com>
Date: Fri Nov 2 16:48:49 2012 +0100
draw: fix crashes with out-of-bounds indices
The passthrough pipeline needs to check index values (which might be passed
through) as they can be invalid (which causes crashes and various assertion
failures if the clip code runs). Obviously, rendering won't be well-defined,
but those bogus indices might come directly from apps.
There were already debug printfs which reported the out-of-bounds indices but
we really ought to not crash.
While checking at that point doesn't seem like the most efficient solution,
it seems there isn't really another appropriate function to do it.
Reviewed-by: Brian Paul <brianp at vmware.com>
Reviewed-by: José Fonseca <jfonseca at vmware.com>
---
src/gallium/auxiliary/draw/draw_pipe.c | 9 ++++++---
src/gallium/auxiliary/draw/draw_pt_vsplit_tmp.h | 6 +++---
2 files changed, 9 insertions(+), 6 deletions(-)
diff --git a/src/gallium/auxiliary/draw/draw_pipe.c b/src/gallium/auxiliary/draw/draw_pipe.c
index d754504..ac449b7 100644
--- a/src/gallium/auxiliary/draw/draw_pipe.c
+++ b/src/gallium/auxiliary/draw/draw_pipe.c
@@ -33,6 +33,7 @@
#include "draw/draw_private.h"
#include "draw/draw_pipe.h"
#include "util/u_debug.h"
+#include "util/u_math.h"
@@ -193,7 +194,7 @@ static void do_triangle( struct draw_context *draw,
do_point( draw, verts + stride * (i0) ); \
} while (0)
-#define GET_ELT(idx) (elts[idx])
+#define GET_ELT(idx) (MIN2(elts[idx], max_index))
#define FUNC pipe_run_elts
#define FUNC_VARS \
@@ -203,7 +204,8 @@ static void do_triangle( struct draw_context *draw,
struct vertex_header *vertices, \
unsigned stride, \
const ushort *elts, \
- unsigned count
+ unsigned count, \
+ unsigned max_index
#include "draw_pt_decompose.h"
@@ -262,7 +264,8 @@ void draw_pipeline_run( struct draw_context *draw,
vert_info->verts,
vert_info->stride,
prim_info->elts + start,
- count);
+ count,
+ vert_info->count - 1);
}
draw->pipeline.verts = NULL;
diff --git a/src/gallium/auxiliary/draw/draw_pt_vsplit_tmp.h b/src/gallium/auxiliary/draw/draw_pt_vsplit_tmp.h
index 75cbec8..2e94705 100644
--- a/src/gallium/auxiliary/draw/draw_pt_vsplit_tmp.h
+++ b/src/gallium/auxiliary/draw/draw_pt_vsplit_tmp.h
@@ -55,7 +55,7 @@ CONCAT(vsplit_primitive_, ELT_TYPE)(struct vsplit_frontend *vsplit,
for (i = 0; i < icount; i++) {
ELT_TYPE idx = ib[i];
- if (idx < min_index || idx > max_index) {
+ if (idx < min_index || idx > max_index) {
debug_printf("warning: index out of range\n");
}
}
@@ -90,7 +90,7 @@ CONCAT(vsplit_primitive_, ELT_TYPE)(struct vsplit_frontend *vsplit,
if (idx < min_index || idx > max_index) {
debug_printf("warning: index out of range\n");
- }
+ }
vsplit->draw_elts[i] = (ushort) idx;
}
}
@@ -100,7 +100,7 @@ CONCAT(vsplit_primitive_, ELT_TYPE)(struct vsplit_frontend *vsplit,
if (idx < min_index || idx > max_index) {
debug_printf("warning: index out of range\n");
- }
+ }
vsplit->draw_elts[i] = (ushort) (idx - min_index);
}
}
More information about the mesa-commit
mailing list