[Mesa-dev] [PATCH] i965: Assert that the binding table isn't bigger than surf_offsets
Jason Ekstrand
jason at jlekstrand.net
Thu Mar 2 20:27:28 UTC 2017
On Thu, Mar 2, 2017 at 10:21 AM, Kenneth Graunke <kenneth at whitecape.org>
wrote:
> On Wednesday, March 1, 2017 10:40:24 PM PST Jason Ekstrand wrote:
> > We used to have an assert in mark_surface_used to protect us from this
> > but it's gone now. Instead, we'll assert right before we try to memcpy
> > the contents of surf_offset into the binding table.
> > ---
> > src/mesa/drivers/dri/i965/brw_binding_tables.c | 2 ++
> > 1 file changed, 2 insertions(+)
> >
> > diff --git a/src/mesa/drivers/dri/i965/brw_binding_tables.c
> b/src/mesa/drivers/dri/i965/brw_binding_tables.c
> > index 9ca841a..3c795ae 100644
> > --- a/src/mesa/drivers/dri/i965/brw_binding_tables.c
> > +++ b/src/mesa/drivers/dri/i965/brw_binding_tables.c
> > @@ -121,6 +121,8 @@ brw_upload_binding_table(struct brw_context *brw,
> > &stage_state->bind_bo_offset);
> >
> > /* BRW_NEW_SURFACES and BRW_NEW_*_CONSTBUF */
> > + assert(prog_data->binding_table.size_bytes <=
> > + sizeof(stage_state->surf_offset));
> > memcpy(bind, stage_state->surf_offset,
> > prog_data->binding_table.size_bytes);
> > }
> >
>
> This is too late. You will have already tried to write too much data
> into surf_offset[] when populating it.
>
Bummer. :( I'll give it another go.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.freedesktop.org/archives/mesa-dev/attachments/20170302/8ab6944c/attachment.html>
More information about the mesa-dev
mailing list