[Mesa-dev] [PATCH 2/8] mesa: Fix off-by-one error in transform feedback size check.

Kenneth Graunke kenneth at whitecape.org
Wed Dec 14 02:22:12 PST 2011


On 12/13/2011 03:35 PM, Paul Berry wrote:
> In _mesa_BindBufferRange(), we need to verify that the offset and size
> specified by the client do not exceed the size of the underlying
> buffer.  We were accidentally doing this check using ">=" rather than
> ">", so we were generating a bogus error if the client specified an
> offset and size that fit exactly in the underlying buffer.
> ---
>  src/mesa/main/transformfeedback.c |    2 +-
>  1 files changed, 1 insertions(+), 1 deletions(-)
> 
> diff --git a/src/mesa/main/transformfeedback.c b/src/mesa/main/transformfeedback.c
> index 799245d..78ca64d 100644
> --- a/src/mesa/main/transformfeedback.c
> +++ b/src/mesa/main/transformfeedback.c
> @@ -486,7 +486,7 @@ _mesa_BindBufferRange(GLenum target, GLuint index,
>        return;
>     }
>  
> -   if (offset + size >= bufObj->Size) {
> +   if (offset + size > bufObj->Size) {
>        _mesa_error(ctx, GL_INVALID_VALUE,
>                    "glBindBufferRange(offset + size %d > buffer size %d)",
>  		  (int) (offset + size), (int) (bufObj->Size));
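
Review bot: the new condition still computes `offset + size` before comparing, so with a large enough offset or size the sum can wrap and slip under `bufObj->Size`. Unless the checks earlier in the function already bound both values, compare without the addition, for example `offset > bufObj->Size || size > bufObj->Size - offset`. The `(int)` casts in the error message also truncate large values, so the reported numbers may not match the ones that were compared.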

Whoops.  Good catch.

Reviewed-by: Kenneth Graunke <kenneth at whitecape.org>

