[Mesa-dev] [PATCH 5/5] draw/so: Fix overflow calculations
Roland Scheidegger
sroland at vmware.com
Thu Apr 25 10:30:23 PDT 2013
On 24.04.2013 00:58, Zack Rusin wrote:
> We weren't taking the buffer offset, destination offset or the
> stride into consideration so we were frequently writing into
> an overflown buffer.
>
> Signed-off-by: Zack Rusin <zackr at vmware.com>
> ---
> src/gallium/auxiliary/draw/draw_pt_so_emit.c | 11 ++++++++---
> 1 file changed, 8 insertions(+), 3 deletions(-)
>
> diff --git a/src/gallium/auxiliary/draw/draw_pt_so_emit.c b/src/gallium/auxiliary/draw/draw_pt_so_emit.c
> index 563bf65..e834357 100644
> --- a/src/gallium/auxiliary/draw/draw_pt_so_emit.c
> +++ b/src/gallium/auxiliary/draw/draw_pt_so_emit.c
> @@ -129,20 +129,25 @@ static void so_emit_prim(struct pt_so_emit *so,
>
> for (i = 0; i < draw->so.num_targets; i++) {
> struct draw_so_target *target = draw->so.targets[i];
> - buffer_total_bytes[i] = target->internal_offset;
> + buffer_total_bytes[i] = target->internal_offset + target->target.buffer_offset;
> }
>
> /* check have we space to emit prim first - if not don't do anything */
> for (i = 0; i < num_vertices; ++i) {
> + unsigned ob;
> for (slot = 0; slot < state->num_outputs; ++slot) {
> unsigned num_comps = state->output[slot].num_components;
> int ob = state->output[slot].output_buffer;
> + unsigned dst_offset = state->output[slot].dst_offset * sizeof(float);
> + unsigned write_size = num_comps * sizeof(float);
>
> - if ((buffer_total_bytes[ob] + num_comps * sizeof(float)) >
> + if ((buffer_total_bytes[ob] + write_size + dst_offset) >
> draw->so.targets[ob]->target.buffer_size) {
> return;
> }
> - buffer_total_bytes[ob] += num_comps * sizeof(float);
> + }
> + for (ob = 0; ob < draw->so.num_targets; ++ob) {
> + buffer_total_bytes[ob] += state->stride[ob] * sizeof(float);
> }
> }
>
>
Apart from the comments made separately, the series is
Reviewed-by: Roland Scheidegger <sroland at vmware.com>