[Mesa-dev] [PATCH] gallium: Reduce trace_dump_box_bytes size by box->x.

[Bruce Cherniak]

If stride is supplied (as either stride or slice_stride),
trace_dump_box_bytes will try to read stride bytes, regardless whether
start address is offset by box->x.  This causes access outside mapped
region, and possible segv. (transfer_map stride and layer_stride are not
adjusted for box dimensions)

Note:  trace_dump_box_bytes only dumps PIPE_BUFFER resources, so there
shouldn't be any complicated boxes.  trace_dump_bytes doesn't handle them
anyway.
---
 src/gallium/drivers/trace/tr_dump.c | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/src/gallium/drivers/trace/tr_dump.c b/src/gallium/drivers/trace/tr_dump.c
index b173b8a..591e273 100644
--- a/src/gallium/drivers/trace/tr_dump.c
+++ b/src/gallium/drivers/trace/tr_dump.c
@@ -510,11 +510,13 @@ void trace_dump_box_bytes(const void *data,
       size = 0;
    } else {
       enum pipe_format format = resource->format;
-      if (slice_stride)
+      if (slice_stride) {
+         slice_stride -= util_format_get_blockwidth(format) * box->x;
          size = box->depth * slice_stride;
-      else if (stride)
+      } else if (stride) {
+         stride -= util_format_get_blockwidth(format) * box->x;
          size = util_format_get_nblocksy(format, box->height) * stride;
-      else {
+      } else {
          size = util_format_get_nblocksx(format, box->width) * util_format_get_blocksize(format);
       }
    }
-- 
2.7.4