[Mesa-dev] [PATCH] st/mesa: bound the sampler count before calling into the driver.

Stéphane Marchesin marcheu at chromium.org
Fri Mar 8 19:29:50 PST 2013

With the current code, the sampler count can become higher than
PIPE_MAX_SAMPLERS and once it gets to the driver this can lead to
miscellaneous crashes and memory corruptions.

Although this is taken care of in debug mode with an assert,
there is still a way to cause a crash/overflow in release mode.

So instead, we bound the number of samplers in the state tracker.
 src/mesa/state_tracker/st_atom_texture.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/mesa/state_tracker/st_atom_texture.c b/src/mesa/state_tracker/st_atom_texture.c
index fc2d690..bcd5856 100644
--- a/src/mesa/state_tracker/st_atom_texture.c
+++ b/src/mesa/state_tracker/st_atom_texture.c
@@ -311,6 +311,7 @@ update_textures(struct st_context *st,
    new_count = MAX2(*num_textures, old_max);
    assert(new_count <= max_units);
+   new_count = MIN2(new_count, max_units);

More information about the mesa-dev mailing list