[Mesa-dev] [PATCH] i965: Assert that the binding table isn't bigger than surf_offsets
Kenneth Graunke
kenneth at whitecape.org
Thu Mar 2 18:21:29 UTC 2017
On Wednesday, March 1, 2017 10:40:24 PM PST Jason Ekstrand wrote:
> We used to have an assert in mark_surface_used to protect us from this
> but it's gone now. Instead, we'll assert right before we try to memcpy
> the contents of surf_offset into the binding table.
> ---
> src/mesa/drivers/dri/i965/brw_binding_tables.c | 2 ++
> 1 file changed, 2 insertions(+)
>
> diff --git a/src/mesa/drivers/dri/i965/brw_binding_tables.c b/src/mesa/drivers/dri/i965/brw_binding_tables.c
> index 9ca841a..3c795ae 100644
> --- a/src/mesa/drivers/dri/i965/brw_binding_tables.c
> +++ b/src/mesa/drivers/dri/i965/brw_binding_tables.c
> @@ -121,6 +121,8 @@ brw_upload_binding_table(struct brw_context *brw,
> &stage_state->bind_bo_offset);
>
> /* BRW_NEW_SURFACES and BRW_NEW_*_CONSTBUF */
> + assert(prog_data->binding_table.size_bytes <=
> + sizeof(stage_state->surf_offset));
> memcpy(bind, stage_state->surf_offset,
> prog_data->binding_table.size_bytes);
> }
>
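Review bot: the assert added just before the memcpy only bounds the read from stage_state->surf_offset, and it is compiled out when NDEBUG is defined, so in release builds the copy still runs with whatever prog_data->binding_table.size_bytes holds. Consider enforcing the limit where size_bytes is computed or where surf_offset entries are written, since the commit message says the earlier check in mark_surface_used is gone. Also note that sizeof(stage_state->surf_offset) is the array size only if surf_offset is declared as an array member rather than a pointer, which this hunk does not show, and that nothing here checks the capacity of the destination bind.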
This is too late. You will have already tried to write too much data
into surf_offset[] when populating it.