[Mesa-dev] gallium: Reduce trace_dump_box_bytes size by box->x.

Cherniak, Bruce bruce.cherniak at intel.com
Mon Jun 26 16:28:26 UTC 2017


Back in February, I submitted a patch for review to address a crash in GALLIUM_TRACE.

It never got a review, and I forgot to follow up on it.  Is this a correct fix and useful to anyone
else?

Thanks,
Bruce

----

>From patchwork Wed Feb  1 20:20:38 2017
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Subject: [Mesa-dev] gallium: Reduce trace_dump_box_bytes size by box->x.
From: Bruce Cherniak <bruce.cherniak at intel.com>
X-Patchwork-Id: 136378
Message-Id: <1485980438-102650-1-git-send-email-bruce.cherniak at intel.com>
To: mesa-dev at lists.freedesktop.org
Date: Wed,  1 Feb 2017 14:20:38 -0600

If stride is supplied (as either stride or slice_stride),
trace_dump_box_bytes will try to read stride bytes, regardless of whether
the start address is offset by box->x.  This causes access outside the mapped
region, and a possible segv. (transfer_map stride and layer_stride are not
adjusted for box dimensions.)

Note:  trace_dump_box_bytes only dumps PIPE_BUFFER resources, so there
shouldn't be any complicated boxes.  trace_dump_bytes doesn't handle them
anyway.
---
 src/gallium/drivers/trace/tr_dump.c | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/src/gallium/drivers/trace/tr_dump.c b/src/gallium/drivers/trace/tr_dump.c
index b173b8a..591e273 100644
--- a/src/gallium/drivers/trace/tr_dump.c
+++ b/src/gallium/drivers/trace/tr_dump.c
@@ -510,11 +510,13 @@ void trace_dump_box_bytes(const void *data,
       size = 0;
    } else {
       enum pipe_format format = resource->format;
-      if (slice_stride)
+      if (slice_stride) {
+         slice_stride -= util_format_get_blockwidth(format) * box->x;
          size = box->depth * slice_stride;
-      else if (stride)
+      } else if (stride) {
+         stride -= util_format_get_blockwidth(format) * box->x;
          size = util_format_get_nblocksy(format, box->height) * stride;
-      else {
+      } else {
          size = util_format_get_nblocksx(format, box->width) * util_format_get_blocksize(format);
       }
    }
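
Review bot: In both new `-=` lines the subtracted value `util_format_get_blockwidth(format) * box->x` is a pixel count, while the final `else` branch shows that `size` is in bytes (blocks times `util_format_get_blocksize(format)`), so the units only line up for formats whose block is one pixel wide and one byte in size. The commit message says only PIPE_BUFFER resources reach this path, but nothing in the hunk enforces that; an assertion or a comment stating the assumption would make it safe against later callers. Two related points: the reduced stride is then multiplied by `box->depth` or by `util_format_get_nblocksy(format, box->height)`, so for any depth or height above 1 the offset is removed once per slice or row rather than once overall, and there is no guard against the product exceeding `stride` or `slice_stride` before the subtraction. Deriving the size from `box->width` the way the `else` branch does would avoid all three.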


