draw: account for elem size when computing overflow
authorZack Rusin <zackr@vmware.com>
Tue, 25 Jun 2013 17:54:47 +0000 (13:54 -0400)
committerZack Rusin <zackr@vmware.com>
Fri, 28 Jun 2013 08:24:12 +0000 (04:24 -0400)
We weren't taking into account the size of the element
that is to be fetched, which meant that it was possible
to overflow the buffer reads if the stride was very
close to the end of the buffer, e.g. stride = 3, buffer
size = 4, and the element to be read = 4. This should
be properly detected as an overflow.

Signed-off-by: Zack Rusin <zackr@vmware.com>
src/gallium/auxiliary/draw/draw_llvm.c

index 5373d1a0a8fa66b1cbae0eec63cbc14634ce9019..f27776a5cc539b6cea6f6fe7a901c3a922d39889 100644 (file)
@@ -695,6 +695,7 @@ generate_fetch(struct gallivm_state *gallivm,
    LLVMValueRef buffer_size = draw_jit_dvbuffer_size(gallivm, vbuffer_ptr);
    LLVMValueRef stride;
    LLVMValueRef buffer_overflowed;
+   LLVMValueRef needed_buffer_size;
    LLVMValueRef temp_ptr =
       lp_build_alloca(gallivm,
                       lp_build_vec_type(gallivm, lp_float32_vec4_type()), "");
@@ -715,15 +716,30 @@ generate_fetch(struct gallivm_state *gallivm,
    stride = LLVMBuildAdd(builder, stride,
                          lp_build_const_int32(gallivm, velem->src_offset),
                          "");
-
-   buffer_overflowed = LLVMBuildICmp(builder, LLVMIntUGE,
-                                     stride, buffer_size,
+   needed_buffer_size = LLVMBuildAdd(
+      builder, stride,
+      lp_build_const_int32(gallivm,
+                           util_format_get_blocksize(velem->src_format)),
+      "");
+
+   buffer_overflowed = LLVMBuildICmp(builder, LLVMIntUGT,
+                                     needed_buffer_size, buffer_size,
                                      "buffer_overflowed");
-   /*
-   lp_build_printf(gallivm, "vbuf index = %u, stride is %u\n", index, stride);
-   lp_build_print_value(gallivm, "   buffer size = ", buffer_size);
+#if 0
+   lp_build_printf(gallivm, "vbuf index = %u, vb_stride is %u\n",
+                   index, vb_stride);
+   lp_build_printf(gallivm, "   vb_buffer_offset = %u, src_offset is %u\n",
+                   vb_buffer_offset,
+                   lp_build_const_int32(gallivm, velem->src_offset));
+   lp_build_print_value(gallivm, "   blocksize = ",
+                        lp_build_const_int32(
+                           gallivm,
+                           util_format_get_blocksize(velem->src_format)));
+   lp_build_printf(gallivm, "   stride = %u\n", stride);
+   lp_build_printf(gallivm, "   buffer size = %u\n", buffer_size);
+   lp_build_printf(gallivm, "   needed_buffer_size = %u\n", needed_buffer_size);
    lp_build_print_value(gallivm, "   buffer overflowed = ", buffer_overflowed);
-   */
+#endif
 
    lp_build_if(&if_ctx, gallivm, buffer_overflowed);
    {
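Review bot: The new `needed_buffer_size = stride + blocksize` is a plain 32-bit `LLVMBuildAdd`, so it can wrap when `stride` is close to UINT32_MAX, and the `LLVMIntUGT` comparison against `buffer_size` then reports no overflow for a fetch that is far out of bounds. The same applies to the `stride` value whose final add opens this hunk; judging by the debug printfs it is built from `vb_stride`, `index` and `vb_buffer_offset` in lines outside the hunk, and if the index comes from an application-supplied index buffer the wrap is reachable from untrusted input. I would fold a carry check into the flag, e.g. `wrapped = LLVMBuildICmp(builder, LLVMIntULT, needed_buffer_size, stride, "");` followed by `buffer_overflowed = LLVMBuildOr(builder, buffer_overflowed, wrapped, "buffer_overflowed");`, and give the earlier multiply and adds the same treatment. generate_fetch starts and ends outside the hunk.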