<html>
    <head>
      <base href="https://bugs.freedesktop.org/">
    </head>
    <body><table border="1" cellspacing="0" cellpadding="8">
        <tr>
          <th>Bug ID</th>
          <td><a class="bz_bug_link 
          bz_status_NEW "
   title="NEW - segfault in glCompressedTextureSubImage3D"
   href="https://bugs.freedesktop.org/show_bug.cgi?id=102308">102308</a>
          </td>
        </tr>

        <tr>
          <th>Summary</th>
          <td>segfault in glCompressedTextureSubImage3D
          </td>
        </tr>

        <tr>
          <th>Product</th>
          <td>Mesa
          </td>
        </tr>

        <tr>
          <th>Version</th>
          <td>git
          </td>
        </tr>

        <tr>
          <th>Hardware</th>
          <td>Other
          </td>
        </tr>

        <tr>
          <th>OS</th>
          <td>All
          </td>
        </tr>

        <tr>
          <th>Status</th>
          <td>NEW
          </td>
        </tr>

        <tr>
          <th>Severity</th>
          <td>normal
          </td>
        </tr>

        <tr>
          <th>Priority</th>
          <td>medium
          </td>
        </tr>

        <tr>
          <th>Component</th>
          <td>Mesa core
          </td>
        </tr>

        <tr>
          <th>Assignee</th>
          <td>mesa-dev@lists.freedesktop.org
          </td>
        </tr>

        <tr>
          <th>Reporter</th>
          <td>haagch@frickel.club
          </td>
        </tr>

        <tr>
          <th>QA Contact</th>
          <td>mesa-dev@lists.freedesktop.org
          </td>
        </tr></table>
      <p>
        <div>
        <pre>I was trying to make "high fidelity" work on mesa, but with my limited OpenGL
knowledge maybe the code is wrong.

This is the call in question:
<a href="https://github.com/ChristophHaag/hifi/blob/ec6514b13b688a2aa6154359233dcb3f3186cc0e/libraries/gpu-gl/src/gpu/gl45/GL45BackendTexture.cpp#L161-L162">https://github.com/ChristophHaag/hifi/blob/ec6514b13b688a2aa6154359233dcb3f3186cc0e/libraries/gpu-gl/src/gpu/gl45/GL45BackendTexture.cpp#L161-L162</a>

It causes this loop in compressed_tex_sub_image() to fail:
<a href="https://cgit.freedesktop.org/mesa/mesa/tree/src/mesa/main/teximage.c#n4955">https://cgit.freedesktop.org/mesa/mesa/tree/src/mesa/main/teximage.c#n4955</a>

The incoming texture has width x height 64x64.

Then as I understand it the texImage should be just a part of that texture,
however texImage->Width x texImage->Height is 64x64 too.

with that width and height, image_stride gets calculated to be 4096, which is
problematic, because imageSize was 4096 too.

So the loop ends up subtracting image_stride=4096 from imageSize=4096 six
times. Sometimes this segfaults, sometimes it runs into an assertion.

As I said, maybe the application code is wrong, but I think there is at least
some error checking in mesa missing.

valgrind also reported an invalid read in some maybe relevant code
<a href="https://gist.github.com/ChristophHaag/1af7eb4ef207a397460ff2c6719eba2e">https://gist.github.com/ChristophHaag/1af7eb4ef207a397460ff2c6719eba2e</a></pre>
        </div>
      </p>


      <hr>
      <span>You are receiving this mail because:</span>

      <ul>
          <li>You are the QA Contact for the bug.</li>
          <li>You are the assignee for the bug.</li>
      </ul>
    </body>
</html>