author | Pierre-Eric Pelloux-Prayer <[email protected]> | 2019-07-05 14:51:23 +0200 |
---|---|---|
committer | Marek Olšák <[email protected]> | 2019-07-15 15:22:25 -0400 |
commit | a9655f36fe9088816973c19df9399268ef6bfcd8 (patch) | |
tree | 3cda1835f0978917b7308bc0c40e4cdec5f1b636 | |
parent | ce04fbf67c9ded75a206c9560a3869df76a46839 (diff) |
st/mesa: verify that vertex buffer offset isn't negative
For drivers supporting PIPE_CAP_SIGNED_VERTEX_BUFFER_OFFSET the buffer_offset value
will be interpreted as a signed int.
An example of application code causing a negative offset:
float b[] = { ... }; // 3 float for pos, 3 for color
glBufferData(GL_ARRAY_BUFFER, ..., b, ...);
glVertexAttribPointer(0, 3, GL_FLOAT, GL_FALSE, 6 * sizeof(float), 0);
glVertexAttribPointer(1, 3, GL_FLOAT, GL_FALSE, 6 * sizeof(float), &b[3]);
^
should be 3 * sizeof(float)
The offset is a ptr so when interpreted as a signed int it can be negative.
This commit adds a verification that (int) buffer_offset is not negative - this would
indicate an application bug. Since it's too late to emit a GL_INVALID_VALUE error,
we replace the negative offset by 0 and emit a debug message.
Signed-off-by: Marek Olšák <[email protected]>
-rw-r--r-- | src/mesa/state_tracker/st_atom_array.c | 12 | ||||
-rw-r--r-- | src/mesa/state_tracker/st_context.c | 2 | ||||
-rw-r--r-- | src/mesa/state_tracker/st_context.h | 1 |
3 files changed, 15 insertions, 0 deletions
diff --git a/src/mesa/state_tracker/st_atom_array.c b/src/mesa/state_tracker/st_atom_array.c
index 89a0923fbbe..1662050bf04 100644
--- a/src/mesa/state_tracker/st_atom_array.c
+++ b/src/mesa/state_tracker/st_atom_array.c
@@ -410,6 +410,18 @@ st_setup_arrays(struct st_context *st,
 vbuffer[bufidx].buffer.resource = stobj ? stobj->buffer : NULL;
 vbuffer[bufidx].is_user_buffer = false;
 vbuffer[bufidx].buffer_offset = _mesa_draw_binding_offset(binding);
+ if (st->has_signed_vertex_buffer_offset) {
+ /* 'buffer_offset' will be interpreted as an signed int, so make sure
+ * the user supplied offset is not negative (application bug).
+ */
+ if ((int) vbuffer[bufidx].buffer_offset < 0) {
+ assert ((int) vbuffer[bufidx].buffer_offset >= 0);
+ /* Fallback if assert are disabled: we can't disable this attribute
+ * since other parts expects it (e.g: velements, vp_variant), so
+ * use a non-buggy offset value instead */
+ vbuffer[bufidx].buffer_offset = 0;
+ }
+ }
 } else {
 /* Set the binding */
 const void *ptr = (const void *)_mesa_draw_binding_offset(binding);
diff --git a/src/mesa/state_tracker/st_context.c b/src/mesa/state_tracker/st_context.c
index a94ffe26eba..fada76437b2 100644
--- a/src/mesa/state_tracker/st_context.c
+++ b/src/mesa/state_tracker/st_context.c
@@ -637,6 +637,8 @@ st_create_context_priv(struct gl_context *ctx, struct pipe_context *pipe,
 screen->get_param(screen, PIPE_CAP_INDEP_BLEND_FUNC);
 st->needs_rgb_dst_alpha_override =
 screen->get_param(screen, PIPE_CAP_RGB_OVERRIDE_DST_ALPHA_BLEND);
+ st->has_signed_vertex_buffer_offset =
+ screen->get_param(screen, PIPE_CAP_SIGNED_VERTEX_BUFFER_OFFSET);
 st->has_hw_atomics =
 screen->get_shader_param(screen, PIPE_SHADER_FRAGMENT,
diff --git a/src/mesa/state_tracker/st_context.h b/src/mesa/state_tracker/st_context.h
index ceb28d5f5c5..93387df7cca 100644
--- a/src/mesa/state_tracker/st_context.h
+++ b/src/mesa/state_tracker/st_context.h
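Review bot: The `assert` inside the `if ((int) vbuffer[bufidx].buffer_offset < 0)` branch in st_atom_array.c can never hold, so a debug build aborts on an offset the application supplies, while a release build silently rewrites it to 0; neither path emits the debug message the commit description mentions. Reporting the bad offset through the context's warning/debug output and keeping the clamp would make both builds behave the same, e.g. `_mesa_warning(st->ctx, "negative vertex buffer offset, using 0");` if that helper is usable from this file. The test also runs on the value already stored in `buffer_offset`; if `_mesa_draw_binding_offset()` returns a wider type than that field, only the truncated bits are checked, so testing the returned value before the assignment would be stricter. `st_setup_arrays` starts and ends outside the hunk.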
@@ -145,6 +145,7 @@ struct st_context
 boolean has_indep_blend_func;
 boolean needs_rgb_dst_alpha_override;
 boolean can_bind_const_buffer_as_vertex;
+ boolean has_signed_vertex_buffer_offset;
 /**
 * If a shader can be created when we get its source. |