From 10c82c6c5fc415d323a5e9c6acdc6a4c85d6b712 Mon Sep 17 00:00:00 2001 From: =?utf8?q?Kristian=20H=C3=B8gsberg?= Date: Mon, 2 Mar 2015 16:19:52 -0800 Subject: [PATCH] i965: Fix uint64_t overflow in intel_client_wait_sync() MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit DRM_IOCTL_I915_GEM_WAIT takes an int64_t for the timeout value but GL_ARB_sync takes an uint64_t. Further, the ioctl used to wait indefinitely when passed a negative timeout, but it's been broken and now returns immediately in that case. Thus, if an application passes UINT64_MAX to wait forever, we overflow to -1LL and return immediately. Work around this mess by clamping the wait timeout to INT64_MAX. Signed-off-by: Kristian Høgsberg Reviewed-by: Chad Versace --- src/mesa/drivers/dri/i965/intel_syncobj.c | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/src/mesa/drivers/dri/i965/intel_syncobj.c b/src/mesa/drivers/dri/i965/intel_syncobj.c index 9cde15298fe..e500fa04c51 100644 --- a/src/mesa/drivers/dri/i965/intel_syncobj.c +++ b/src/mesa/drivers/dri/i965/intel_syncobj.c @@ -84,6 +84,14 @@ static void intel_client_wait_sync(struct gl_context *ctx, struct gl_sync_object { struct intel_sync_object *sync = (struct intel_sync_object *)s; + /* DRM_IOCTL_I915_GEM_WAIT uses a signed 64 bit timeout and returns + * immediately for timeouts <= 0. The best we can do is to clamp the + * timeout to INT64_MAX. This limits the maximum timeout from 584 years to + * 292 years - likely not a big deal. + */ + if (timeout > INT64_MAX) + timeout = INT64_MAX; + if (sync->bo && drm_intel_gem_bo_wait(sync->bo, timeout) == 0) { s->StatusFlag = 1; drm_intel_bo_unreference(sync->bo); -- 2.30.2