Mesa (master): gallium/u_vbuf: Protect against overflow with large instance divisors.
Eric Anholt
anholt at kemper.freedesktop.org
Tue Mar 27 00:49:25 UTC 2018
Module: Mesa
Branch: master
Commit: 0356db022da819176d9d0eacab63d4c2c852f876
URL: http://cgit.freedesktop.org/mesa/mesa/commit/?id=0356db022da819176d9d0eacab63d4c2c852f876
Author: Eric Anholt <eric at anholt.net>
Date: Tue Mar 20 10:42:12 2018 -0700
gallium/u_vbuf: Protect against overflow with large instance divisors.
GTF-GLES3.gtf.GL3Tests.instanced_arrays.instanced_arrays_divisor uses -1
as a divisor, so we would overflow to count=0 and upload no data,
triggering the assert below. We want to upload 1 element in this case,
fixing the test on VC5.
v2: Use some more obvious logic, and explain why we don't use the normal
round_up().
Reviewed-by: Brian Paul <brianp at vmware.com>
---
src/gallium/auxiliary/util/u_vbuf.c | 11 ++++++++++-
1 file changed, 10 insertions(+), 1 deletion(-)
diff --git a/src/gallium/auxiliary/util/u_vbuf.c b/src/gallium/auxiliary/util/u_vbuf.c
index 95d7990c6c..8a680d60a6 100644
--- a/src/gallium/auxiliary/util/u_vbuf.c
+++ b/src/gallium/auxiliary/util/u_vbuf.c
@@ -936,7 +936,16 @@ u_vbuf_upload_buffers(struct u_vbuf *mgr,
size = mgr->ve->src_format_size[i];
} else if (instance_div) {
/* Per-instance attrib. */
- unsigned count = (num_instances + instance_div - 1) / instance_div;
+
+ /* Figure out how many instances we'll render given instance_div. We
+ * can't use the typical div_round_up() pattern because the CTS uses
+ * instance_div = ~0 for a test, which overflows div_round_up()'s
+ * addition.
+ */
+ unsigned count = num_instances / instance_div;
+ if (count * instance_div != num_instances)
+ count++;
+
first += vb->stride * start_instance;
size = vb->stride * (count - 1) + mgr->ve->src_format_size[i];
} else {
More information about the mesa-commit
mailing list