[Mesa-dev] [PATCH 2/8] mesa: Fix off-by-one error in transform feedback size check.
Kenneth Graunke
kenneth at whitecape.org
Wed Dec 14 02:22:12 PST 2011
On 12/13/2011 03:35 PM, Paul Berry wrote:
> In _mesa_BindBufferRange(), we need to verify that the offset and size
> specified by the client do not exceed the size of the underlying
> buffer. We were accidentally doing this check using ">=" rather than
> ">", so we were generating a bogus error if the client specified an
> offset and size that fit exactly in the underlying buffer.
> ---
> src/mesa/main/transformfeedback.c | 2 +-
> 1 files changed, 1 insertions(+), 1 deletions(-)
>
> diff --git a/src/mesa/main/transformfeedback.c b/src/mesa/main/transformfeedback.c
> index 799245d..78ca64d 100644
> --- a/src/mesa/main/transformfeedback.c
> +++ b/src/mesa/main/transformfeedback.c
> @@ -486,7 +486,7 @@ _mesa_BindBufferRange(GLenum target, GLuint index,
> return;
> }
>
> - if (offset + size >= bufObj->Size) {
> + if (offset + size > bufObj->Size) {
> _mesa_error(ctx, GL_INVALID_VALUE,
> "glBindBufferRange(offset + size %d > buffer size %d)",
> (int) (offset + size), (int) (bufObj->Size));
Whoops. Good catch.
Reviewed-by: Kenneth Graunke <kenneth at whitecape.org>
More information about the mesa-dev
mailing list