mesa/main: fix MultiDrawElements[BaseVertex] validation of primcount

primcount must be a GLsizei as in the signature for MultiDrawElements
or bad things can happen.

Furthermore, an error should be flagged when primcount is negative.

Curiously, this code used to work somewhat correctly even when primcount
was negative, because the loop that checks count[i] would iterate out of
bounds and almost certainly hit a negative value at some point.

Found by an ASAN error in
GL45-CTS.gtf32.GL3Tests.draw_elements_base_vertex.draw_elements_base_vertex_primcount

Note that the OpenGL spec seems to have s/primcount/drawcount/ at some
point, and the code still reflects the old language.

v2: provide the correct spec quotes (pointed out by Ian)

Cc: mesa-stable@lists.freedesktop.org
Reviewed-by: Marek Olšák <marek.olsak@amd.com> (v1)
Reviewed-by: Ian Romanick <ian.d.romanick@intel.com>

diff --git a/src/mesa/main/api_validate.c b/src/mesa/main/api_validate.c
index 184bf143edf9f56be79f4b843ce1f1bd886a8427..44d164ad3553aee0790d16fed17f02fb9cb3f1e7 100644 (file)
--- a/src/mesa/main/api_validate.c
+++ b/src/mesa/main/api_validate.c
@@ -724,12 +724,32 @@ GLboolean
 _mesa_validate_MultiDrawElements(struct gl_context *ctx,
                                  GLenum mode, const GLsizei *count,
                                  GLenum type, const GLvoid * const *indices,
-                                 GLuint primcount)
+                                 GLsizei primcount)
 {
-   unsigned i;
+   GLsizei i;
 
    FLUSH_CURRENT(ctx, 0);
 
+   /*
+    * Section 2.3.1 (Errors) of the OpenGL 4.5 (Core Profile) spec says:
+    *
+    *    "If a negative number is provided where an argument of type sizei or
+    *     sizeiptr is specified, an INVALID_VALUE error is generated."
+    *
+    * and in the same section:
+    *
+    *    "In other cases, there are no side effects unless otherwise noted;
+    *     the command which generates the error is ignored so that it has no
+    *     effect on GL state or framebuffer contents."
+    *
+    * Hence, check both primcount and all the count[i].
+    */
+   if (primcount < 0) {
+      _mesa_error(ctx, GL_INVALID_VALUE,
+                  "glMultiDrawElements(primcount=%d)", primcount);
+      return GL_FALSE;
+   }
+
    for (i = 0; i < primcount; i++) {
       if (count[i] < 0) {
          _mesa_error(ctx, GL_INVALID_VALUE,

diff --git a/src/mesa/main/api_validate.h b/src/mesa/main/api_validate.h
index e94f02e4ba510b82dd055ebfc3d2244bff9e8aa8..de520c98dcbb1f51d942eb25d70af219054effc8 100644 (file)
--- a/src/mesa/main/api_validate.h
+++ b/src/mesa/main/api_validate.h
@@ -57,7 +57,7 @@ extern GLboolean
 _mesa_validate_MultiDrawElements(struct gl_context *ctx,
                                  GLenum mode, const GLsizei *count,
                                  GLenum type, const GLvoid * const *indices,
-                                 GLuint primcount);
+                                 GLsizei primcount);
 
 extern GLboolean
 _mesa_validate_DrawRangeElements(struct gl_context *ctx, GLenum mode,