vbo: Ignore invalid element ranges which are outside VBO bounds.

Some applications, such as Regnum Online, appear to pass invalid
start/end values to glDrawRangeElements.  In particular, the 'start'
index sometimes exceeds the maximum array element.  This is clearly
invalid behavior, and although the spec isn't clear, seems to result
in undefined, implementation-specific behavior.

This patch takes the conservative approach and simply ignores the range,
while issuing a warning indicating that the application is broken and
should be fixed.

NOTE: This is a candidate for release branches.

Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=45214
Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=44701
Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=41152
Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=40361
Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=28138
Signed-off-by: Kenneth Graunke <kenneth@whitecape.org>
Reviewed-by: Brian Paul <brianp@vmware.com> [v1]
Reviewed-by: Roland Scheidegger <sroland@vmware.com>

diff --git a/src/mesa/vbo/vbo_exec_array.c b/src/mesa/vbo/vbo_exec_array.c
index ec4cb4fc8c2bc8a3a1f51c1d8d212c8ac54551c0..9c20296baba89f06d610877cc350dc8ef31842fe 100644 (file)
--- a/src/mesa/vbo/vbo_exec_array.c
+++ b/src/mesa/vbo/vbo_exec_array.c
@@ -858,6 +858,7 @@ vbo_exec_DrawRangeElementsBaseVertex(GLenum mode,
                                     const GLvoid *indices,
                                     GLint basevertex)
 {
+   static GLuint warnCount = 0;
    GET_CURRENT_CONTEXT(ctx);
 
    if (MESA_VERBOSE & VERBOSE_DRAW)
@@ -870,6 +871,30 @@ vbo_exec_DrawRangeElementsBaseVertex(GLenum mode,
                                           type, indices, basevertex ))
       return;
 
+   if ((int) end + basevertex < 0 ||
+       start + basevertex >= ctx->Array.ArrayObj->_MaxElement) {
+      /* The application requested we draw using a range of indices that's
+       * outside the bounds of the current VBO.  This is invalid and appears
+       * to give undefined results.  The safest thing to do is to simply
+       * ignore the range, in case the application botched their range tracking
+       * but did provide valid indices.  Also issue a warning indicating that
+       * the application is broken.
+       */
+      if (warnCount++ < 10) {
+         _mesa_warning(ctx, "glDrawRangeElements(start %u, end %u, "
+                       "basevertex %d, count %d, type 0x%x, indices=%p):\n"
+                       "\trange is outside VBO bounds (max=%u); ignoring.\n"
+                       "\tThis should be fixed in the application.",
+                       start, end, basevertex, count, type, indices,
+                       ctx->Array.ArrayObj->_MaxElement - 1);
+      }
+
+      /* Just do an ordinary glDrawElementsBaseVertex(). */
+      vbo_validated_drawrangeelements(ctx, mode, GL_FALSE, 0, ~0,
+                                      count, type, indices, basevertex, 1);
+      return;
+   }
+
    /* NOTE: It's important that 'end' is a reasonable value.
     * in _tnl_draw_prims(), we use end to determine how many vertices
     * to transform.  If it's too large, we can unnecessarily split prims