[Mesa-stable] [PATCHv2 3/4] i965: Handle non-zero texture buffer offsets in buffer object range calculation.

Nanley Chery nanleychery at gmail.com
Tue May 22 17:23:27 UTC 2018


On Mon, May 21, 2018 at 05:32:09PM -0700, Francisco Jerez wrote:
> Otherwise the specified surface state will allow the GPU to access
> memory up to BufferOffset bytes past the end of the buffer.  Found by
> inspection.
> 
> v2: Protect against out-of-range BufferOffset (Nanley).
> Cc: mesa-stable at lists.freedesktop.org
> ---
>  src/mesa/drivers/dri/i965/brw_wm_surface_state.c | 4 +++-
>  1 file changed, 3 insertions(+), 1 deletion(-)
> 
> diff --git a/src/mesa/drivers/dri/i965/brw_wm_surface_state.c b/src/mesa/drivers/dri/i965/brw_wm_surface_state.c
> index af629a17bfa..39e898243db 100644
> --- a/src/mesa/drivers/dri/i965/brw_wm_surface_state.c
> +++ b/src/mesa/drivers/dri/i965/brw_wm_surface_state.c
> @@ -647,6 +647,7 @@ buffer_texture_range_size(struct brw_context *brw,
>     const unsigned texel_size = _mesa_get_format_bytes(obj->_BufferObjectFormat);
>     const unsigned buffer_size = (!obj->BufferObject ? 0 :
>                                   obj->BufferObject->Size);
> +   const unsigned buffer_offset = MIN2(buffer_size, obj->BufferOffset);
>  

Clamping the offset is a nice solution. This patch is
Reviewed-by: Nanley Chery <nanley.g.chery at intel.com>

>     /* The ARB_texture_buffer_specification says:
>      *
> @@ -664,7 +665,8 @@ buffer_texture_range_size(struct brw_context *brw,
>      * so that when ISL divides by stride to obtain the number of texels, that
>      * texel count is clamped to MAX_TEXTURE_BUFFER_SIZE.
>      */
> -   return MIN3((unsigned)obj->BufferSize, buffer_size,
> +   return MIN3((unsigned)obj->BufferSize,
> +               buffer_size - buffer_offset,
>                 brw->ctx.Const.MaxTextureBufferSize * texel_size);
>  }
>  
> -- 
> 2.16.1
> 


More information about the mesa-stable mailing list