From eeebf5c2dfbf68e8db5a9926bba7ae55ed7c1b54 Mon Sep 17 00:00:00 2001 From: Alyssa Rosenzweig Date: Thu, 22 Aug 2019 08:02:52 -0700 Subject: [PATCH] panfrost: Remove vertex buffer offset from its size The offset is added to the base address, so we need to subtract it from the size to maintain the same end address and thus prevent a buffer overflow: end_address = start_address + size start_address' = start_address + offset size' = size - offset end_address' = start_address' + size' = (start_address + offset) + (size - offset) = (start_address + size) + (offset - offset) = start_address + size = end_address QED. Signed-off-by: Alyssa Rosenzweig --- src/gallium/drivers/panfrost/pan_instancing.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/src/gallium/drivers/panfrost/pan_instancing.c b/src/gallium/drivers/panfrost/pan_instancing.c index 30023725b2e..e5a1e7cfae3 100644 --- a/src/gallium/drivers/panfrost/pan_instancing.c +++ b/src/gallium/drivers/panfrost/pan_instancing.c @@ -292,7 +292,7 @@ panfrost_emit_vertex_data(struct panfrost_job *batch) * will be adjusted back when we fixup the src_offset in * mali_attr_meta */ - mali_ptr raw_addr = panfrost_vertex_buffer_address(ctx, vbi); + mali_ptr raw_addr = rsrc->bo->gpu + buf->buffer_offset; mali_ptr addr = raw_addr & ~63; unsigned chopped_addr = raw_addr - addr; @@ -302,7 +302,10 @@ panfrost_emit_vertex_data(struct panfrost_job *batch) /* Set common fields */ attrs[k].elements = addr; attrs[k].stride = buf->stride; - attrs[k].size = rsrc->base.width0; + + /* Since we advanced the base pointer, we shrink the buffer + * size */ + attrs[k].size = rsrc->base.width0 - buf->buffer_offset; /* We need to add the extra size we masked off (for * correctness) so the data doesn't get clamped away */ -- 2.30.2