[Mesa-dev] Bogus bounds checking in api_validate.c?
Ian Romanick
idr at freedesktop.org
Thu Nov 6 20:09:18 PST 2014
While working on some other things, I came across some bounds checking
code in _mesa_validate_DrawElements (and related functions) in
api_validate.c.
      /* use indices in the buffer object */
      /* make sure count doesn't go outside buffer bounds */
      if (index_bytes(type, count) > ctx->Array.VAO->IndexBufferObj->Size) {
         _mesa_warning(ctx, "glDrawElements index out of buffer bounds");
         return GL_FALSE;
      }
index_bytes calculates how many bytes of data "count" indices will
occupy based on the type. The problem is that this doesn't consider
the base pointer. As far as I can tell, if I had a 64 byte buffer
object for my index data, and I did
    glDrawElements(GL_POINTS, 16, GL_UNSIGNED_INT, 60);
_mesa_validate_DrawElements would say, "Ok!"
Am I missing something, or is this just broken?
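
The case described in the message above, as an added example that is not part of the original post and not Mesa code: a standalone C model comparing the quoted count-only size check with a check that also accounts for the byte offset passed as the indices argument. The enum and both function names are hypothetical stand-ins, and the division-based form is an assumption about how one might write the stricter check.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical stand-ins for the GL index types; the enum value is the
 * element size in bytes, so no GL headers are needed. */
enum index_type { IDX_UBYTE = 1, IDX_USHORT = 2, IDX_UINT = 4 };

/* Models the check quoted in the post: only count * element size is
 * compared against the buffer size; the offset is never looked at. */
static bool check_count_only(enum index_type type, size_t count,
                             size_t buf_size)
{
    return count * (size_t)type <= buf_size;
}

/* Hypothetical stricter check: the starting byte offset is included.
 * Dividing the remaining space by the element size (instead of
 * multiplying count) keeps the arithmetic from wrapping. */
static bool check_with_offset(enum index_type type, size_t count,
                              size_t offset, size_t buf_size)
{
    if (offset > buf_size)
        return false;
    return count <= (buf_size - offset) / (size_t)type;
}

int main(void)
{
    /* Case from the post: 64-byte index buffer, 16 unsigned-int
     * indices, starting at byte offset 60. */
    printf("count-only check accepts:  %d\n",
           check_count_only(IDX_UINT, 16, 64));
    printf("offset-aware check accepts: %d\n",
           check_with_offset(IDX_UINT, 16, 60, 64));
    /* The same draw starting at offset 0 fits exactly. */
    printf("offset 0 accepts:           %d\n",
           check_with_offset(IDX_UINT, 16, 0, 64));
    return 0;
}
```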