From be66ff51ec98cf583044b3e53a49c41edd803134 Mon Sep 17 00:00:00 2001 From: Keith Whitwell Date: Wed, 23 Sep 2009 14:40:45 +0100 Subject: [PATCH] st/mesa: trim calculated userbuffer size In get_array_bounds we were previously defining a user buffer sized as (nr_vertices * stride). The trouble is that if the vertex data occupies less than stride bytes, the extra tailing (stride - size) bytes may extend outside the memory actually allocated by the app and caused a segfault. To fix this, define a the buffer bounds to be: ptr .. ptr + (nr-1)*stride + element_size --- src/mesa/state_tracker/st_draw.c | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/src/mesa/state_tracker/st_draw.c b/src/mesa/state_tracker/st_draw.c index 225541a30ba..11699d5b1ba 100644 --- a/src/mesa/state_tracker/st_draw.c +++ b/src/mesa/state_tracker/st_draw.c @@ -317,23 +317,29 @@ get_arrays_bounds(const struct st_vertex_program *vp, const GLubyte **low, const GLubyte **high) { const GLubyte *low_addr = NULL; + const GLubyte *high_addr = NULL; GLuint attr; - GLint stride; for (attr = 0; attr < vp->num_inputs; attr++) { const GLuint mesaAttr = vp->index_to_input[attr]; + const GLint stride = arrays[mesaAttr]->StrideB; const GLubyte *start = arrays[mesaAttr]->Ptr; - stride = arrays[mesaAttr]->StrideB; + const unsigned sz = (arrays[mesaAttr]->Size * + _mesa_sizeof_type(arrays[mesaAttr]->Type)); + const GLubyte *end = start + (max_index * stride) + sz; + if (attr == 0) { low_addr = start; + high_addr = end; } else { low_addr = MIN2(low_addr, start); + high_addr = MAX2(high_addr, end); } } *low = low_addr; - *high = low_addr + (max_index + 1) * stride; + *high = high_addr; } -- 2.30.2