summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorBrian Paul <[email protected]>2011-06-20 11:07:57 -0600
committerBrian Paul <[email protected]>2011-09-23 07:58:47 -0600
commit73e840ab7d5d4f42dabe498b194b388713fdc43b (patch)
treee811324ad48ebe52006994d79ff47bb7c2f2347e
parent974b6413f4540d73c21c092cc0a62abb6d546e21 (diff)
svga: check to avoid writing beyond end of constant buffer
See bug 688394
-rw-r--r--src/gallium/drivers/svga/svga_state_constants.c24
1 files changed, 23 insertions, 1 deletions
diff --git a/src/gallium/drivers/svga/svga_state_constants.c b/src/gallium/drivers/svga/svga_state_constants.c
index a28fcf91225..870857ea42f 100644
--- a/src/gallium/drivers/svga/svga_state_constants.c
+++ b/src/gallium/drivers/svga/svga_state_constants.c
@@ -107,7 +107,29 @@ static enum pipe_error emit_const_range( struct svga_context *svga,
unsigned i, j;
enum pipe_error ret;
- assert(offset + count < CB_MAX);
+#ifdef DEBUG
+ if (offset + count > CB_MAX) {
+ debug_printf("svga: too many constants (offset + count = %u)\n",
+ offset + count);
+ }
+#endif
+
+ if (offset > CB_MAX) {
+ /* This isn't OK, but if we propagate an error all the way up we'll
+ * just get into more trouble.
+ * XXX note that offset is always zero at this time so this is moot.
+ */
+ return PIPE_OK;
+ }
+
+ if (offset + count > CB_MAX) {
+ /* Just drop the extra constants for now.
+ * Ideally we should not have allowed the app to create a shader
+ * that exceeds our constant buffer size but there's no way to
+ * express that in gallium at this time.
+ */
+ count = CB_MAX - offset;
+ }
i = 0;
while (i < count) {