[Mesa-dev] [PATCH] st/mesa: fix segfault in BufferData if size is 0 and buffer is NULL
Jose Fonseca
jfonseca at vmware.com
Thu Apr 25 13:48:48 PDT 2013
Looks good to me. Thanks.
Jose
----- Original Message -----
> If the size is 0, there is nothing to do and st_obj->buffer can be NULL.
> st_obj->buffer should not be NULL in any other case.
>
> This fixes a segfault in Topogun. Reported by Jose Fonseca.
> ---
> src/mesa/state_tracker/st_cb_bufferobjects.c | 5 ++++-
> 1 file changed, 4 insertions(+), 1 deletion(-)
>
> diff --git a/src/mesa/state_tracker/st_cb_bufferobjects.c
> b/src/mesa/state_tracker/st_cb_bufferobjects.c
> index 1b3991c..b1fbe03 100644
> --- a/src/mesa/state_tracker/st_cb_bufferobjects.c
> +++ b/src/mesa/state_tracker/st_cb_bufferobjects.c
> @@ -182,13 +182,16 @@ st_bufferobj_data(struct gl_context *ctx,
> struct st_buffer_object *st_obj = st_buffer_object(obj);
> unsigned bind, pipe_usage;
>
> - if (st_obj->Base.Size == size && st_obj->Base.Usage == usage && data) {
> + if (size && data &&
> + st_obj->Base.Size == size && st_obj->Base.Usage == usage) {
> /* Just discard the old contents and write new data.
> * This should be the same as creating a new buffer, but we avoid
> * a lot of validation in Mesa.
> */
> struct pipe_box box;
>
> + assert(st_obj->buffer);
> +
> u_box_1d(0, size, &box);
> pipe->transfer_inline_write(pipe, st_obj->buffer, 0,
> PIPE_TRANSFER_DISCARD_WHOLE_RESOURCE,
> --
> 1.7.10.4
>
> _______________________________________________
> mesa-dev mailing list
> mesa-dev at lists.freedesktop.org
> http://lists.freedesktop.org/mailman/listinfo/mesa-dev
>
More information about the mesa-dev
mailing list