From 32eefb74511a4b6ff7eed169ce2a24f51ec974a0 Mon Sep 17 00:00:00 2001 From: Pierre-Eric Pelloux-Prayer Date: Fri, 26 Apr 2019 17:47:05 +0200 Subject: [PATCH] mesa: add buffer != 0 checks to glNamedBufferEXT functions MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit The EXT_direct_state_access spec says: INVALID_OPERATION is generated by GetNamedBufferParameterivEXT, GetNamedBufferPointervEXT, GetNamedBufferSubDataEXT, MapNamedBufferEXT, NamedBufferDataEXT, NamedBufferSubDataEXT, and UnmapNamedBufferEXT if the buffer parameter is zero. This commits adds buffer != 0 validation to the implemented functions. glNamedBufferStorageEXT isn't included in this list and the EXT_buffer_storage doesn't says that buffer = 0 is an error either so I didn't add the same validation for this function. Reviewed-by: Marek Olšák Signed-off-by: Marek Olšák --- src/mesa/main/bufferobj.c | 35 +++++++++++++++++++++++++++++++++-- 1 file changed, 33 insertions(+), 2 deletions(-) diff --git a/src/mesa/main/bufferobj.c b/src/mesa/main/bufferobj.c index 71bc9312f45..31c222ebf9a 100644 --- a/src/mesa/main/bufferobj.c +++ b/src/mesa/main/bufferobj.c @@ -2189,8 +2189,15 @@ _mesa_NamedBufferDataEXT(GLuint buffer, GLsizeiptr size, const GLvoid *data, GLenum usage) { GET_CURRENT_CONTEXT(ctx); + struct gl_buffer_object *bufObj; - struct gl_buffer_object *bufObj = _mesa_lookup_bufferobj(ctx, buffer); + if (!buffer) { + _mesa_error(ctx, GL_INVALID_OPERATION, + "glNamedBufferDataEXT(invalid buffer 0)"); + return; + } + + bufObj = _mesa_lookup_bufferobj(ctx, buffer); if (!_mesa_handle_bind_buffer_gen(ctx, buffer, &bufObj, "glNamedBufferDataEXT")) return; 
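Review bot: The new `if (!buffer)` guard in `_mesa_NamedBufferDataEXT` has no comment saying why name 0 is rejected before `_mesa_lookup_bufferobj`, and the same block is repeated in the `_mesa_NamedBufferSubDataEXT`, `_mesa_UnmapNamedBufferEXT`, `_mesa_MapNamedBufferRangeEXT` and `_mesa_MapNamedBufferEXT` hunks. The justification exists only in the commit message, so a reader of bufferobj.c cannot tell that the zero check is a spec requirement or that `glNamedBufferStorageEXT` is left without it on purpose. I would put `/* EXT_direct_state_access: INVALID_OPERATION is generated if buffer is zero. */` above each guard. The spec list quoted in the message also names GetNamedBufferParameterivEXT, GetNamedBufferPointervEXT and GetNamedBufferSubDataEXT, which this patch does not touch; a single static helper taking the caller name would make the check harder to miss when those are added. The function body continues past the end of this hunk.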
@@ -2331,8 +2338,15 @@ _mesa_NamedBufferSubDataEXT(GLuint buffer, GLintptr offset, GLsizeiptr size, const GLvoid *data) { GET_CURRENT_CONTEXT(ctx); + struct gl_buffer_object *bufObj; - struct gl_buffer_object *bufObj = _mesa_lookup_bufferobj(ctx, buffer); + if (!buffer) { + _mesa_error(ctx, GL_INVALID_OPERATION, + "glNamedBufferSubDataEXT(invalid buffer 0)"); + return; + } + + bufObj = _mesa_lookup_bufferobj(ctx, buffer); if (!_mesa_handle_bind_buffer_gen(ctx, buffer, &bufObj, "glNamedBufferSubDataEXT")) return; @@ -2702,6 +2716,12 @@ _mesa_UnmapNamedBufferEXT(GLuint buffer) GET_CURRENT_CONTEXT(ctx); struct gl_buffer_object *bufObj; + if (!buffer) { + _mesa_error(ctx, GL_INVALID_OPERATION, + "glUnmapNamedBufferEXT(invalid buffer 0)"); + return GL_FALSE; + } + bufObj = _mesa_lookup_bufferobj_err(ctx, buffer, "glUnmapNamedBuffer"); if (!bufObj) return GL_FALSE; @@ -3310,6 +3330,12 @@ void * GLAPIENTRY _mesa_MapNamedBufferRangeEXT(GLuint buffer, GLintptr offset, GLsizeiptr length, GLbitfield access) { + GET_CURRENT_CONTEXT(ctx); + if (!buffer) { + _mesa_error(ctx, GL_INVALID_OPERATION, + "glMapNamedBufferRangeEXT(invalid buffer 0)"); + return NULL; + } return map_named_buffer_range(buffer, offset, length, access, true, "glMapNamedBufferRangeEXT"); } @@ -3431,6 +3457,11 @@ _mesa_MapNamedBufferEXT(GLuint buffer, GLenum access) GET_CURRENT_CONTEXT(ctx); GLbitfield accessFlags; + if (!buffer) { + _mesa_error(ctx, GL_INVALID_OPERATION, + "glMapNamedBufferEXT(invalid buffer 0)"); + return NULL; + } if (!get_map_buffer_access_flags(ctx, access, &accessFlags)) { _mesa_error(ctx, GL_INVALID_ENUM, "glMapNamedBufferEXT(invalid access)"); return NULL; -- 2.30.2
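Review bot: In the `_mesa_UnmapNamedBufferEXT` hunk the new error is reported as `glUnmapNamedBufferEXT(invalid buffer 0)`, but the unchanged lookup directly below still passes `"glUnmapNamedBuffer"` as the caller name, so errors raised from this one entry point are reported under two different function names. Since that line is already in the hunk, I would align it: `bufObj = _mesa_lookup_bufferobj_err(ctx, buffer, "glUnmapNamedBufferEXT");`. The rest of the function lies outside the hunk, so any later messages there may need the same treatment.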
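Review bot: `_mesa_MapNamedBufferRangeEXT` now declares `ctx` through `GET_CURRENT_CONTEXT(ctx);` and starts the `if (!buffer)` test on the very next line, with no blank line after the declaration or before the final `return`, unlike the guards added to the data and unmap functions in this patch; the `_mesa_MapNamedBufferEXT` hunk likewise runs the closing `}` straight into the next `if`. The context is fetched here only to report the error. `map_named_buffer_range` is not visible in the hunk, but if it obtains the context itself and the `true` argument marks the EXT entry point, the zero check could sit inside it and this wrapper would stay a single call. At minimum I would add the blank lines so the declaration, the guard and the call read as three separate steps.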