projects / mesa.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 156d2c6)
i965: Handle non-zero texture buffer offsets in buffer object range calculation.
authorFrancisco Jerez <currojerez@riseup.net>
Fri, 16 Mar 2018 21:35:10 +0000 (14:35 -0700)
committerFrancisco Jerez <currojerez@riseup.net>
Wed, 23 May 2018 23:21:28 +0000 (16:21 -0700)
Otherwise the specified surface state will allow the GPU to access
memory up to BufferOffset bytes past the end of the buffer.  Found by
inspection.

v2: Protect against out-of-range BufferOffset (Nanley).
Cc: mesa-stable@lists.freedesktop.org
Reviewed-by: Nanley Chery <nanley.g.chery@intel.com>
src/mesa/drivers/dri/i965/brw_wm_surface_state.c patch | blob | history

diff --git a/src/mesa/drivers/dri/i965/brw_wm_surface_state.c b/src/mesa/drivers/dri/i965/brw_wm_surface_state.c
index af629a17bfaef6d6c834689cc587364247f1dbb9..39e898243db4f038c3304d250f7ddbdddf9acac1 100644 (file)
--- a/src/mesa/drivers/dri/i965/brw_wm_surface_state.c
+++ b/src/mesa/drivers/dri/i965/brw_wm_surface_state.c
@@ -647,6 +647,7 @@ buffer_texture_range_size(struct brw_context *brw,
    const unsigned texel_size = _mesa_get_format_bytes(obj->_BufferObjectFormat);
    const unsigned buffer_size = (!obj->BufferObject ? 0 :
                                  obj->BufferObject->Size);
+   const unsigned buffer_offset = MIN2(buffer_size, obj->BufferOffset);
 
    /* The ARB_texture_buffer_specification says:
     *
@@ -664,7 +665,8 @@ buffer_texture_range_size(struct brw_context *brw,
     * so that when ISL divides by stride to obtain the number of texels, that
     * texel count is clamped to MAX_TEXTURE_BUFFER_SIZE.
     */
-   return MIN3((unsigned)obj->BufferSize, buffer_size,
+   return MIN3((unsigned)obj->BufferSize,
+               buffer_size - buffer_offset,
                brw->ctx.Const.MaxTextureBufferSize * texel_size);
 }