[Mesa-dev] [PATCH 2/8] mesa: Fix off-by-one error in transform feedback size check.
Brian Paul
brian.e.paul at gmail.com
Tue Dec 13 15:54:51 PST 2011
On Tue, Dec 13, 2011 at 4:35 PM, Paul Berry <stereotype441 at gmail.com> wrote:
> In _mesa_BindBufferRange(), we need to verify that the offset and size
> specified by the client do not exceed the size of the underlying
> buffer. We were accidentally doing this check using ">=" rather than
> ">", so we were generating a bogus error if the client specified an
> offset and size that fit exactly in the underlying buffer.
> ---
> src/mesa/main/transformfeedback.c | 2 +-
> 1 files changed, 1 insertions(+), 1 deletions(-)
>
> diff --git a/src/mesa/main/transformfeedback.c b/src/mesa/main/transformfeedback.c
> index 799245d..78ca64d 100644
> --- a/src/mesa/main/transformfeedback.c
> +++ b/src/mesa/main/transformfeedback.c
> @@ -486,7 +486,7 @@ _mesa_BindBufferRange(GLenum target, GLuint index,
> return;
> }
>
> - if (offset + size >= bufObj->Size) {
> + if (offset + size > bufObj->Size) {
> _mesa_error(ctx, GL_INVALID_VALUE,
> "glBindBufferRange(offset + size %d > buffer size %d)",
> (int) (offset + size), (int) (bufObj->Size));
Reviewed-by: Brian Paul <brianp at vmware.com>
More information about the mesa-dev
mailing list