summaryrefslogtreecommitdiffstats
path: root/src/gallium/auxiliary/hud/hud_context.c
diff options
context:
space:
mode:
authorDave Airlie <[email protected]>2014-08-11 12:07:06 +1000
committerDave Airlie <[email protected]>2014-08-14 10:46:32 +1000
commit1cfcd0164e1be7d7b05b693f60a262ad735b7565 (patch)
tree052a872787bf2190f1770e26e7ff432b49cd4551 /src/gallium/auxiliary/hud/hud_context.c
parentb6d29de2c443df2aa670a70545d2e1e68ef57f45 (diff)
hud: don't overrun malloced arrays
==17630== Invalid read of size 4 ==17630== at 0x400AE10: memcpy (in /usr/lib/valgrind/vgpreload_memcheck-x86-linux.so) ==17630== by 0x49024A2: u_upload_data (u_upload_mgr.c:253) ==17630== by 0x49050E1: u_vbuf_draw_vbo (u_vbuf.c:980) ==17630== by 0x487DE29: cso_draw_vbo (cso_context.c:1425) ==17630== by 0x487DEA0: cso_draw_arrays (cso_context.c:1445) ==17630== by 0x48A3B0E: hud_draw_colored_prims.constprop.6 (hud_context.c:123) ==17630== by 0x48A4810: hud_draw (hud_context.c:266) ==17630== by 0x48763F7: dri_flush (dri_drawable.c:483) ==17630== by 0x4057510: dri2Flush.constprop.4 (dri2_glx.c:559) ==17630== by 0x405789E: dri2SwapBuffers (dri2_glx.c:851) ==17630== by 0x402C531: glXSwapBuffers (glxcmds.c:842) ==17630== by 0x8049716: ??? (in /usr/bin/glxgears) ==17630== Address 0x4426b2c is 4 bytes after a block of size 1,008 alloc'd ==17630== at 0x4006B11: malloc (in /usr/lib/valgrind/vgpreload_memcheck-x86-linux.so) ==17630== by 0x48A4CE7: hud_pane_add_graph (hud_context.c:625) ==17630== by 0x48A68F0: hud_pipe_query_install (hud_driver_query.c:175) ==17630== by 0x48A6A30: hud_driver_query_install (hud_driver_query.c:207) ==17630== by 0x48A5835: hud_create (hud_context.c:791) ==17630== by 0x48756CB: dri_create_context (dri_context.c:165) ==17630== by 0x4871CD4: driCreateContextAttribs (dri_util.c:435) ==17630== by 0x4871E06: driCreateNewContext (dri_util.c:464) ==17630== by 0x4056A22: dri2_create_context (dri2_glx.c:223) ==17630== by 0x402CF68: CreateContext (glxcmds.c:299) ==17630== by 0x402D265: glXCreateContext (glxcmds.c:430) ==17630== by 0x804B136: ??? (in /usr/bin/glxgears) This is due to second vertex element being specified, and the upload tries to fetch over the end. However the pane rendering only requires a single vertex element, so specify only one. Reviewed-by: Marek Olšák <[email protected]> Signed-off-by: Dave Airlie <[email protected]>
Diffstat (limited to 'src/gallium/auxiliary/hud/hud_context.c')
-rw-r--r--src/gallium/auxiliary/hud/hud_context.c1
1 files changed, 1 insertions, 0 deletions
diff --git a/src/gallium/auxiliary/hud/hud_context.c b/src/gallium/auxiliary/hud/hud_context.c
index b6e018423ed..a05d3c41e33 100644
--- a/src/gallium/auxiliary/hud/hud_context.c
+++ b/src/gallium/auxiliary/hud/hud_context.c
@@ -532,6 +532,7 @@ hud_draw(struct hud_context *hud, struct pipe_resource *tex)
pipe_resource_reference(&hud->text.vbuf.buffer, NULL);
/* draw the rest */
+ cso_set_vertex_elements(cso, 1, hud->velems);
LIST_FOR_EACH_ENTRY(pane, &hud->pane_list, head) {
if (pane)
hud_pane_draw_colored_objects(hud, pane);