[Mesa-dev] [PATCH 3/8] mesa: add more bounds-checking support for client memory buffers
nobled
nobled at dreamwidth.org
Tue Apr 19 19:30:24 PDT 2011
---
src/mesa/main/colortab.c | 4 +-
src/mesa/main/pbo.c | 64 +++++++++++++++++++++++++++------------------
src/mesa/main/pbo.h | 8 +++---
src/mesa/main/polygon.c | 7 +++--
4 files changed, 48 insertions(+), 35 deletions(-)
diff --git a/src/mesa/main/colortab.c b/src/mesa/main/colortab.c
index 35b3096..5414acc 100644
--- a/src/mesa/main/colortab.c
+++ b/src/mesa/main/colortab.c
@@ -190,7 +190,7 @@ store_colortable_entries(struct gl_context *ctx,
struct gl_color_table *table,
{
data = _mesa_map_validate_pbo_source(ctx,
1, &ctx->Unpack, count, 1, 1,
- format, type, data,
+ format, type, INT_MAX, data,
"glColor[Sub]Table");
if (!data)
return;
@@ -614,7 +614,7 @@ _mesa_GetColorTable( GLenum target, GLenum format,
data = _mesa_map_validate_pbo_dest(ctx,
1, &ctx->Pack, table->Size, 1, 1,
- format, type, data,
+ format, type, INT_MAX, data,
"glGetColorTable");
if (!data)
return;
diff --git a/src/mesa/main/pbo.c b/src/mesa/main/pbo.c
index 0a686db..15e0480 100644
--- a/src/mesa/main/pbo.c
+++ b/src/mesa/main/pbo.c
@@ -155,26 +155,32 @@ _mesa_map_pbo_source(struct gl_context *ctx,
*/
const GLvoid *
_mesa_map_validate_pbo_source(struct gl_context *ctx,
- GLuint dimensions,
- const struct gl_pixelstore_attrib *unpack,
- GLsizei width, GLsizei height, GLsizei depth,
- GLenum format, GLenum type, const GLvoid *ptr,
- const char *where)
+ GLuint dimensions,
+ const struct gl_pixelstore_attrib *unpack,
+ GLsizei width, GLsizei height, GLsizei depth,
+ GLenum format, GLenum type, GLsizei
clientMemSize,
+ const GLvoid *ptr, const char *where)
{
ASSERT(dimensions == 1 || dimensions == 2 || dimensions == 3);
- if (!_mesa_is_bufferobj(unpack->BufferObj)) {
- /* non-PBO access: no validation to be done */
- return ptr;
- }
-
if (!_mesa_validate_pbo_access(dimensions, unpack, width, height, depth,
- format, type, INT_MAX, ptr)) {
- _mesa_error(ctx, GL_INVALID_OPERATION,
- "%s(out of bounds PBO access)", where);
+ format, type, clientMemSize, ptr)) {
+ if (_mesa_is_bufferobj(unpack->BufferObj)) {
+ _mesa_error(ctx, GL_INVALID_OPERATION,
+ "%s(out of bounds PBO access)", where);
+ } else {
+ _mesa_error(ctx, GL_INVALID_OPERATION,
+ "%s(out of bounds access: bufSize (%d) is too small)",
+ where, clientMemSize);
+ }
return NULL;
}
+ if (!_mesa_is_bufferobj(unpack->BufferObj)) {
+ /* non-PBO access: no further validation to be done */
+ return ptr;
+ }
+
if (_mesa_bufferobj_mapped(unpack->BufferObj)) {
/* buffer is already mapped - that's an error */
_mesa_error(ctx, GL_INVALID_OPERATION, "%s(PBO is mapped)", where);
@@ -245,26 +251,32 @@ _mesa_map_pbo_dest(struct gl_context *ctx,
*/
GLvoid *
_mesa_map_validate_pbo_dest(struct gl_context *ctx,
- GLuint dimensions,
- const struct gl_pixelstore_attrib *unpack,
- GLsizei width, GLsizei height, GLsizei depth,
- GLenum format, GLenum type, GLvoid *ptr,
- const char *where)
+ GLuint dimensions,
+ const struct gl_pixelstore_attrib *unpack,
+ GLsizei width, GLsizei height, GLsizei depth,
+ GLenum format, GLenum type, GLsizei
clientMemSize,
+ GLvoid *ptr, const char *where)
{
ASSERT(dimensions == 1 || dimensions == 2 || dimensions == 3);
- if (!_mesa_is_bufferobj(unpack->BufferObj)) {
- /* non-PBO access: no validation to be done */
- return ptr;
- }
-
if (!_mesa_validate_pbo_access(dimensions, unpack, width, height, depth,
- format, type, INT_MAX, ptr)) {
- _mesa_error(ctx, GL_INVALID_OPERATION,
- "%s(out of bounds PBO access)", where);
+ format, type, clientMemSize, ptr)) {
+ if (_mesa_is_bufferobj(unpack->BufferObj)) {
+ _mesa_error(ctx, GL_INVALID_OPERATION,
+ "%s(out of bounds PBO access)", where);
+ } else {
+ _mesa_error(ctx, GL_INVALID_OPERATION,
+ "%s(out of bounds access: bufSize (%d) is too small)",
+ where, clientMemSize);
+ }
return NULL;
}
+ if (!_mesa_is_bufferobj(unpack->BufferObj)) {
+ /* non-PBO access: no further validation to be done */
+ return ptr;
+ }
+
if (_mesa_bufferobj_mapped(unpack->BufferObj)) {
/* buffer is already mapped - that's an error */
_mesa_error(ctx, GL_INVALID_OPERATION, "%s(PBO is mapped)", where);
diff --git a/src/mesa/main/pbo.h b/src/mesa/main/pbo.h
index 17039cf..00a6e61 100644
--- a/src/mesa/main/pbo.h
+++ b/src/mesa/main/pbo.h
@@ -47,8 +47,8 @@ _mesa_map_validate_pbo_source(struct gl_context *ctx,
GLuint dimensions,
const struct gl_pixelstore_attrib *unpack,
GLsizei width, GLsizei height, GLsizei depth,
- GLenum format, GLenum type, const GLvoid *ptr,
- const char *where);
+ GLenum format, GLenum type, GLsizei
clientMemSize,
+ const GLvoid *ptr, const char *where);
extern void
_mesa_unmap_pbo_source(struct gl_context *ctx,
@@ -64,8 +64,8 @@ _mesa_map_validate_pbo_dest(struct gl_context *ctx,
GLuint dimensions,
const struct gl_pixelstore_attrib *unpack,
GLsizei width, GLsizei height, GLsizei depth,
- GLenum format, GLenum type, GLvoid *ptr,
- const char *where);
+ GLenum format, GLenum type, GLsizei clientMemSize,
+ GLvoid *ptr, const char *where);
extern void
_mesa_unmap_pbo_dest(struct gl_context *ctx,
diff --git a/src/mesa/main/polygon.c b/src/mesa/main/polygon.c
index ff4232e..c985235 100644
--- a/src/mesa/main/polygon.c
+++ b/src/mesa/main/polygon.c
@@ -195,7 +195,8 @@ _mesa_polygon_stipple(struct gl_context *ctx,
const GLubyte *pattern)
{
pattern = _mesa_map_validate_pbo_source(ctx, 2,
&ctx->Unpack, 32, 32, 1,
- GL_COLOR_INDEX, GL_BITMAP, pattern,
+ GL_COLOR_INDEX, GL_BITMAP,
+ INT_MAX, pattern,
"glPolygonStipple");
if (!pattern)
return;
@@ -241,8 +242,8 @@ _mesa_GetPolygonStipple( GLubyte *dest )
dest = _mesa_map_validate_pbo_dest(ctx, 2,
&ctx->Pack, 32, 32, 1,
- GL_COLOR_INDEX, GL_BITMAP, dest,
- "glGetPolygonStipple");
+ GL_COLOR_INDEX, GL_BITMAP,
+ INT_MAX, dest, "glGetPolygonStipple");
if (!dest)
return;
--
1.7.0.4
More information about the mesa-dev
mailing list