[Mesa-dev] [PATCH] mesa: take into account indices offset for bounds check

Vadim Girlin vadimgirlin at gmail.com
Sat Sep 24 02:08:43 PDT 2011


---
 src/mesa/main/api_validate.c |    9 ++++++---
 1 files changed, 6 insertions(+), 3 deletions(-)

diff --git a/src/mesa/main/api_validate.c b/src/mesa/main/api_validate.c
index 1fcf5cd..9338f4c 100644
--- a/src/mesa/main/api_validate.c
+++ b/src/mesa/main/api_validate.c
@@ -257,7 +257,8 @@ _mesa_validate_DrawElements(struct gl_context *ctx,
    if (_mesa_is_bufferobj(ctx->Array.ElementArrayBufferObj)) {
       /* use indices in the buffer object */
       /* make sure count doesn't go outside buffer bounds */
-      if (index_bytes(type, count) > ctx->Array.ElementArrayBufferObj->Size) {
+      GLbyte * indices_end = (GLbyte*)indices + index_bytes(type, count);
+      if (indices_end > (GLbyte*)ctx->Array.ElementArrayBufferObj->Size) {
          _mesa_warning(ctx, "glDrawElements index out of buffer bounds");
          return GL_FALSE;
       }
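Review bot: The new end-of-range check can be bypassed by wraparound. Going by the commit title, `indices` is the application-supplied offset into the element buffer, so `(GLbyte*)indices + index_bytes(type, count)` can overflow for a very large offset and produce a small `indices_end` that passes the comparison against `Size`; the addition is also pointer arithmetic on a value that is not an object address. Comparing in integers and subtracting instead of adding avoids both, e.g. `const GLsizeiptr offset = (GLsizeiptr) indices;` followed by `if (offset < 0 || offset > size || index_bytes(type, count) > size - offset)`, where `size` is `ctx->Array.ElementArrayBufferObj->Size`. The types of `Size` and of `index_bytes`'s return value are not visible in the hunk and should be confirmed before choosing the integer type. The same two lines are added in the `_mesa_validate_DrawRangeElements` and `_mesa_validate_DrawElementsInstanced` hunks, so a small shared helper would keep the three checks consistent; all three function bodies start and end outside their hunks.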
@@ -318,7 +319,8 @@ _mesa_validate_DrawRangeElements(struct gl_context *ctx, GLenum mode,
    if (_mesa_is_bufferobj(ctx->Array.ElementArrayBufferObj)) {
       /* use indices in the buffer object */
       /* make sure count doesn't go outside buffer bounds */
-      if (index_bytes(type, count) > ctx->Array.ElementArrayBufferObj->Size) {
+      GLbyte * indices_end = (GLbyte*)indices + index_bytes(type, count);
+      if (indices_end > (GLbyte*)ctx->Array.ElementArrayBufferObj->Size) {
          _mesa_warning(ctx, "glDrawRangeElements index out of buffer bounds");
          return GL_FALSE;
       }
@@ -457,7 +459,8 @@ _mesa_validate_DrawElementsInstanced(struct gl_context *ctx,
    if (_mesa_is_bufferobj(ctx->Array.ElementArrayBufferObj)) {
       /* use indices in the buffer object */
       /* make sure count doesn't go outside buffer bounds */
-      if (index_bytes(type, count) > ctx->Array.ElementArrayBufferObj->Size) {
+      GLbyte * indices_end = (GLbyte*)indices + index_bytes(type, count);
+      if (indices_end > (GLbyte*)ctx->Array.ElementArrayBufferObj->Size) {
          _mesa_warning(ctx,
                        "glDrawElementsInstanced index out of buffer bounds");
          return GL_FALSE;
-- 
1.7.6.2


