[Mesa-dev] Mesa (master): draw: Prevent out-of-bounds vertex buffer access.
Manuel Massing
m.massing at warped-space.de
Wed Apr 6 03:52:44 PDT 2011
Hi Jose,
there seems to be a logic error in the commit
3733da31e8b4405b65e1b6ca3b6599ecc5af5fe7
(see below for the relevant section).
The "index out of range" message will be printed when the index is
actually valid; the condition should be replaced by
if (idx < min_index || idx > max_index)
cheers,
Manuel
> --- a/src/gallium/auxiliary/draw/draw_pt_vsplit_tmp.h
> +++ b/src/gallium/auxiliary/draw/draw_pt_vsplit_tmp.h
> @@ -56,7 +56,9 @@ CONCAT(vsplit_primitive_, ELT_TYPE)(struct
> vsplit_frontend *vsplit,
>
> for (i = 0; i < icount; i++) {
> ELT_TYPE idx = ib[i];
> - assert(idx >= min_index && idx <= max_index);
> + if (idx >= min_index && idx <= max_index) {
> + debug_printf("warning: index out of range\n");
> + }
> }
> draw_elts = (const ushort *) ib;
> }
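Review bot: The added test `if (idx >= min_index && idx <= max_index)` is the same expression the removed assert required to be true, so the warning fires for every in-range index and stays silent for the out-of-range ones. It needs to be negated, for example `if (idx < min_index || idx > max_index)`. Separately, this path still ends with `draw_elts = (const ushort *) ib;`, so even with the condition corrected an offending index is only reported and the index buffer is used unchanged. If the goal is to stop the access, the loop has to reject or clamp the value. Printing `idx`, `min_index` and `max_index` in the message would also make the warning far more useful.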
> @@ -87,7 +89,9 @@ CONCAT(vsplit_primitive_, ELT_TYPE)(struct
> vsplit_frontend *vsplit, for (i = 0; i < icount; i++) {
> ELT_TYPE idx = ib[i];
>
> - assert(idx >= min_index && idx <= max_index);
> + if (idx >= min_index && idx <= max_index) {
> + debug_printf("warning: index out of range\n");
> + }
> vsplit->draw_elts[i] = (ushort) idx;
> }
> }
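Review bot: The condition guarding `debug_printf` here is inverted in the same way as in the first hunk. It is true exactly when the index is valid and should read `if (idx < min_index || idx > max_index)`. The store `vsplit->draw_elts[i] = (ushort) idx;` then runs unconditionally after the check, so an out-of-range `idx` is copied into `draw_elts` regardless of the warning. Consider substituting a known-safe index or skipping the draw in the failing branch. Since the check sits inside the per-element loop, a single bad buffer can print once per index, so a warn-once guard would keep debug output readable.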
> @@ -95,7 +99,9 @@ CONCAT(vsplit_primitive_, ELT_TYPE)(struct
> vsplit_frontend *vsplit, for (i = 0; i < icount; i++) {
> ELT_TYPE idx = ib[i];
>
> - assert(idx >= min_index && idx <= max_index);
> + if (idx >= min_index && idx <= max_index) {
> + debug_printf("warning: index out of range\n");
> + }
> vsplit->draw_elts[i] = (ushort) (idx - min_index);
> }
> }
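Review bot: The `if` in this hunk also tests for the valid range rather than its complement, so it warns on good indices. Use `if (idx < min_index || idx > max_index)`. This hunk is the most sensitive of the three because the next line computes `(ushort) (idx - min_index)`. When `idx` is below `min_index` the difference is negative and the cast to `ushort` wraps it to an unrelated large value, and when `idx` is above `max_index` the rebased value lands past the expected range. The warning alone does not prevent either from being written to `vsplit->draw_elts[i]`, so the corrected branch should clamp `idx` or otherwise avoid the store.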