Fredrik's implementation of ARB_vertex_attrib_binding introduced new
gl_vertex_attrib_array and gl_vertex_buffer_binding structures, and
converted Mesa's older gl_client_array to be derived state. Ultimately,
we'd like to drop gl_client_array and use those structures directly.
One hitch is that gl_client_array::_MaxElement doesn't correspond to
either structure (unlike every other field), so we'd have to figure out
where to store it. The _MaxElement computation uses values from both
structures, so it doesn't really belong in either place. We could put
it in the VAO, but we'd have to pass it around everywhere.
It turns out that it's only used when ctx->Const.CheckArrayBounds is
set, which is only set by the (rarely used) classic swrast driver.
It appears that drivers/x11 used to set it as well, which was intended
to avoid segmentation faults on out-of-bounds memory access in the X
server (probably for indirect GLX clients). However, ajax deleted that
code in 2010 (commit
1ccef926be46dce3b6b5c76e812e2fae4e205ce7).
The bounds checking apparently doesn't actually work, either. Non-VBO
attributes arbitrarily set _MaxElement to 2 * 1000 * 1000 * 1000.
vbo_save_draw and vbo_exec_draw remark /* ??? */ when setting it, and
the i965 code contains a comment noting that _MaxElement is often bogus.
Given that the code is complex, rarely used, and dubiously functional,
it doesn't seem worth maintaining going forward. This patch drops it.
This will probably mean the classic swrast driver may begin crashing on
out of bounds vertex buffer access in some cases, but I believe that is
allowed by OpenGL (and probably happened for non-VBO accesses anyway).
There do not appear to be any Piglit regressions, either.
Signed-off-by: Kenneth Graunke <kenneth@whitecape.org>
Reviewed-by: Brian Paul <brianp@vmware.com>
Reviewed-by: Eric Anholt <eric@anholt.net>
Acked-by: Roland Scheidegger <sroland@vmware.com>
/* This is a common place to reach if the user mistakenly supplies
* a pointer in place of a VBO offset. If we just let it go through,
* we may end up dereferencing a pointer beyond the bounds of the
- * GTT. We would hope that the VBO's max_index would save us, but
- * Mesa appears to hand us min/max values not clipped to the
- * array object's _MaxElement, and _MaxElement frequently appears
- * to be wrong anyway.
+ * GTT.
*
* The VBO spec allows application termination in this case, and it's
* probably a service to the poor programmer to do so rather than
driContextSetFlags(mesaCtx, flags);
- /* do bounds checking to prevent segfaults and server crashes! */
- mesaCtx->Const.CheckArrayBounds = GL_TRUE;
-
/* create module contexts */
_swrast_CreateContext( mesaCtx );
_vbo_CreateContext( mesaCtx );
}
-/**
- * Do bounds checking on array element indexes. Check that the vertices
- * pointed to by the indices don't lie outside buffer object bounds.
- * \return GL_TRUE if OK, GL_FALSE if any indexed vertex goes is out of bounds
- */
-static GLboolean
-check_index_bounds(struct gl_context *ctx, GLsizei count, GLenum type,
- const GLvoid *indices, GLint basevertex)
-{
- struct _mesa_prim prim;
- struct _mesa_index_buffer ib;
- GLuint min, max;
-
- /* Only the X Server needs to do this -- otherwise, accessing outside
- * array/BO bounds allows application termination.
- */
- if (!ctx->Const.CheckArrayBounds)
- return GL_TRUE;
-
- memset(&prim, 0, sizeof(prim));
- prim.count = count;
-
- memset(&ib, 0, sizeof(ib));
- ib.type = type;
- ib.ptr = indices;
- ib.obj = ctx->Array.VAO->IndexBufferObj;
-
- vbo_get_minmax_indices(ctx, &prim, &ib, &min, &max, 1);
-
- if ((int)(min + basevertex) < 0 ||
- max + basevertex >= ctx->Array.VAO->_MaxElement) {
- /* the max element is out of bounds of one or more enabled arrays */
- _mesa_warning(ctx, "glDrawElements() index=%u is out of bounds (max=%u)",
- max, ctx->Array.VAO->_MaxElement);
- return GL_FALSE;
- }
-
- return GL_TRUE;
-}
-
-
/**
* Is 'mode' a valid value for glBegin(), glDrawArrays(), glDrawElements(),
* etc? The set of legal values depends on whether geometry shaders/programs
return GL_FALSE;
}
- if (!check_index_bounds(ctx, count, type, indices, basevertex))
- return GL_FALSE;
-
if (count == 0)
return GL_FALSE;
}
}
- for (i = 0; i < primcount; i++) {
- if (!check_index_bounds(ctx, count[i], type, indices[i],
- basevertex ? basevertex[i] : 0))
- return GL_FALSE;
- }
-
return GL_TRUE;
}
return GL_FALSE;
}
- if (!check_index_bounds(ctx, count, type, indices, basevertex))
- return GL_FALSE;
-
if (count == 0)
return GL_FALSE;
if (!check_valid_to_render(ctx, "glDrawArrays"))
return GL_FALSE;
- if (ctx->Const.CheckArrayBounds) {
- if (start + count > (GLint) ctx->Array.VAO->_MaxElement)
- return GL_FALSE;
- }
-
/* From the GLES3 specification, section 2.14.2 (Transform Feedback
* Primitive Capture):
*
if (!check_valid_to_render(ctx, "glDrawArraysInstanced(invalid to render)"))
return GL_FALSE;
- if (ctx->Const.CheckArrayBounds) {
- if (first + count > (GLint) ctx->Array.VAO->_MaxElement)
- return GL_FALSE;
- }
-
/* From the GLES3 specification, section 2.14.2 (Transform Feedback
* Primitive Capture):
*
if (count == 0)
return GL_FALSE;
- if (!check_index_bounds(ctx, count, type, indices, basevertex))
- return GL_FALSE;
-
return GL_TRUE;
}
}
-
-/**
- * Helper for _mesa_update_vao_max_element().
- * \return min(vao->_VertexAttrib[*]._MaxElement).
- */
-static GLuint
-compute_max_element(struct gl_vertex_array_object *vao, GLbitfield64 enabled)
-{
- GLuint min = ~((GLuint)0);
-
- while (enabled) {
- struct gl_client_array *client_array;
- GLint attrib = ffsll(enabled) - 1;
- enabled ^= BITFIELD64_BIT(attrib);
-
- client_array = &vao->_VertexAttrib[attrib];
- assert(client_array->Enabled);
- _mesa_update_array_max_element(client_array);
- min = MIN2(min, client_array->_MaxElement);
- }
-
- return min;
-}
-
-
-/**
- * Examine vertex arrays to update the gl_vertex_array_object::_MaxElement field.
- */
-void
-_mesa_update_vao_max_element(struct gl_context *ctx,
- struct gl_vertex_array_object *vao)
-{
- GLbitfield64 enabled;
-
- if (!ctx->VertexProgram._Current ||
- ctx->VertexProgram._Current == ctx->VertexProgram._TnlProgram) {
- enabled = _mesa_array_object_get_enabled_ff(vao);
- } else {
- enabled = _mesa_array_object_get_enabled_arb(vao);
- }
-
- /* _MaxElement is one past the last legal array element */
- vao->_MaxElement = compute_max_element(vao, enabled);
-}
-
-
/**
* Updates the derived gl_client_arrays when a gl_vertex_attrib_array
* or a gl_vertex_buffer_binding has changed.
struct gl_vertex_array_object *obj, GLuint name);
-extern void
-_mesa_update_vao_max_element(struct gl_context *ctx,
- struct gl_vertex_array_object *vao);
-
extern void
_mesa_update_vao_client_arrays(struct gl_context *ctx,
struct gl_vertex_array_object *vao);
/* _Enabled must be the same than on push */
dest->_Enabled = src->_Enabled;
dest->NewArrays = src->NewArrays;
- dest->_MaxElement = src->_MaxElement;
}
/**
*/
consts->VertexID_is_zero_based = false;
- /* CheckArrayBounds is overriden by drivers/x11 for X server */
- consts->CheckArrayBounds = GL_FALSE;
-
/* GL_ARB_draw_buffers */
consts->MaxDrawBuffers = MAX_DRAW_BUFFERS;
GLuint _ElementSize; /**< size of each element in bytes */
struct gl_buffer_object *BufferObj;/**< GL_ARB_vertex_buffer_object */
- GLuint _MaxElement; /**< max element index into array buffer + 1 */
};
/** Mask of VERT_BIT_* values indicating changed/dirty arrays */
GLbitfield64 NewArrays;
- /**
- * Min of all enabled arrays' _MaxElement. When arrays reside inside VBOs
- * we can determine the max legal (in bounds) glDrawElements array index.
- */
- GLuint _MaxElement;
-
/** The index buffer (also known as the element array buffer in OpenGL). */
struct gl_buffer_object *IndexBufferObj;
};
GLuint PrimitivesWritten;
} QueryCounterBits;
- /** vertex array / buffer object bounds checking */
- GLboolean CheckArrayBounds;
-
GLuint MaxDrawBuffers; /**< GL_ARB_draw_buffers */
GLuint MaxColorAttachments; /**< GL_EXT_framebuffer_object */
if (new_state & _NEW_ARRAY)
_mesa_update_vao_client_arrays(ctx, ctx->Array.VAO);
- if (ctx->Const.CheckArrayBounds &&
- new_state & (_NEW_ARRAY | _NEW_PROGRAM | _NEW_BUFFER_OBJECT)) {
- _mesa_update_vao_max_element(ctx, ctx->Array.VAO);
- }
-
out:
new_prog_state |= update_program_constants(ctx);
dst->InstanceDivisor = src->InstanceDivisor;
dst->_ElementSize = src->_ElementSize;
_mesa_reference_buffer_object(ctx, &dst->BufferObj, src->BufferObj);
- dst->_MaxElement = src->_MaxElement;
}
void
printf(" %s[%d]: ", name, index);
else
printf(" %s: ", name);
- printf("Ptr=%p, Type=0x%x, Size=%d, ElemSize=%u, Stride=%d, Buffer=%u(Size %lu), MaxElem=%u\n",
+ printf("Ptr=%p, Type=0x%x, Size=%d, ElemSize=%u, Stride=%d, Buffer=%u(Size %lu)\n",
array->Ptr, array->Type, array->Size,
array->_ElementSize, array->StrideB,
- array->BufferObj->Name, (unsigned long) array->BufferObj->Size,
- array->_MaxElement);
+ array->BufferObj->Name, (unsigned long) array->BufferObj->Size);
}
struct gl_vertex_array_object *vao = ctx->Array.VAO;
GLuint i;
- _mesa_update_vao_max_element(ctx, vao);
-
printf("Array Object %u\n", vao->Name);
if (vao->_VertexAttrib[VERT_ATTRIB_POS].Enabled)
print_array("Vertex", -1, &vao->_VertexAttrib[VERT_ATTRIB_POS]);
for (i = 0; i < VERT_ATTRIB_GENERIC_MAX; i++)
if (vao->_VertexAttrib[VERT_ATTRIB_GENERIC(i)].Enabled)
print_array("Attrib", i, &vao->_VertexAttrib[VERT_ATTRIB_GENERIC(i)]);
- printf(" _MaxElement = %u\n", vao->_MaxElement);
}
struct gl_client_array;
struct gl_context;
-
-/**
- * Compute the index of the last array element that can be safely accessed in
- * a vertex array. We can really only do this when the array lives in a VBO.
- * The array->_MaxElement field will be updated.
- * Later in glDrawArrays/Elements/etc we can do some bounds checking.
- */
-static inline void
-_mesa_update_array_max_element(struct gl_client_array *array)
-{
- assert(array->Enabled);
-
- if (array->BufferObj->Name) {
- GLsizeiptrARB offset = (GLsizeiptrARB) array->Ptr;
- GLsizeiptrARB bufSize = (GLsizeiptrARB) array->BufferObj->Size;
-
- if (offset < bufSize) {
- const GLuint stride = array->StrideB ?
- array->StrideB : array->_ElementSize;
- array->_MaxElement = (bufSize - offset + stride
- - array->_ElementSize) / stride;
- }
- else {
- array->_MaxElement = 0;
- }
- }
- else {
- /* user-space array, no idea how big it is */
- array->_MaxElement = 2 * 1000 * 1000 * 1000; /* just a big number */
- }
-}
-
-
/**
* Returns a pointer to the vertex attribute data in a client array,
* or the offset into the vertex buffer for an array that resides in
{
static GLuint warnCount = 0;
GLboolean index_bounds_valid = GL_TRUE;
- GLuint max_element;
+
+ /* This is only useful to catch invalid values in the "end" parameter
+ * like ~0.
+ */
+ GLuint max_element = 2 * 1000 * 1000 * 1000; /* just a big number */
+
GET_CURRENT_CONTEXT(ctx);
if (MESA_VERBOSE & VERBOSE_DRAW)
type, indices, basevertex ))
return;
- if (ctx->Const.CheckArrayBounds) {
- /* _MaxElement was computed, so we can use it.
- * This path is used for drivers which need strict bounds checking.
- */
- max_element = ctx->Array.VAO->_MaxElement;
- }
- else {
- /* Generally, hardware drivers don't need to know the buffer bounds
- * if all vertex attributes are in VBOs.
- * However, if none of vertex attributes are in VBOs, _MaxElement
- * is always set to some random big number anyway, so bounds checking
- * is mostly useless.
- *
- * This is only useful to catch invalid values in the "end" parameter
- * like ~0.
- */
- max_element = 2 * 1000 * 1000 * 1000; /* just a big number */
- }
-
if ((int) end + basevertex < 0 ||
start + basevertex >= max_element) {
/* The application requested we draw using a range of indices that's
struct vbo_context *vbo = vbo_context(ctx);
struct vbo_exec_context *exec = &vbo->exec;
struct gl_client_array *arrays = exec->vtx.arrays;
- const GLuint count = exec->vtx.vert_count;
const GLuint *map;
GLuint attr;
GLbitfield64 varying_inputs = 0x0;
_mesa_reference_buffer_object(ctx,
&arrays[attr].BufferObj,
exec->vtx.bufferobj);
- arrays[attr]._MaxElement = count; /* ??? */
varying_inputs |= VERT_BIT(attr);
}
_mesa_reference_buffer_object(ctx,
&arrays[attr].BufferObj,
node->vertex_store->bufferobj);
- arrays[attr]._MaxElement = node->count; /* ??? */
assert(arrays[attr].BufferObj->Name);
dst->Integer = src->Integer;
dst->BufferObj = ctx->Shared->NullBufferObj;
dst->_ElementSize = src->_ElementSize;
- dst->_MaxElement = copy->dstbuf_size; /* may be less! */
offset += copy->varying[i].size;
}
projects / mesa.git / commitdiff