mesa: Fix indirect draw buffer size check on 32-bit systems.
authorKenneth Graunke <kenneth@whitecape.org>
Tue, 26 Apr 2016 05:34:37 +0000 (22:34 -0700)
committerKenneth Graunke <kenneth@whitecape.org>
Thu, 28 Apr 2016 23:31:45 +0000 (16:31 -0700)
Fixes dEQP-GLES31.functional subtests:
draw_indirect.negative.command_offset_not_in_buffer_signed32_wrap
draw_indirect.negative.command_offset_not_in_buffer_unsigned32_wrap

These tests use really large values that overflow GLsizeiptr, at
which point the buffer size isn't less than "end".

Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=95138
Signed-off-by: Kenneth Graunke <kenneth@whitecape.org>
Reviewed-by: Alejandro PiƱeiro <apinheiro@igalia.com>
Reviewed-by: Mark Janes <mark.a.janes@intel.com>
src/mesa/main/api_validate.c

index 2b629977644643d0f7e9c610417c2a1fd82ff20c..688408f8dee3ab6bbf0227b9007d432295431009 100644 (file)
@@ -696,7 +696,7 @@ valid_draw_indirect(struct gl_context *ctx,
                     GLenum mode, const GLvoid *indirect,
                     GLsizei size, const char *name)
 {
-   const GLsizeiptr end = (GLsizeiptr)indirect + size;
+   const uint64_t end = (uint64_t) (uintptr_t) indirect + size;
 
    /* OpenGL ES 3.1 spec. section 10.5:
     *