summaryrefslogtreecommitdiffstats
path: root/src/gallium
diff options
context:
space:
mode:
authorIlia Mirkin <imirkin@alum.mit.edu>2014-01-21 19:45:18 -0500
committerMaarten Lankhorst <maarten.lankhorst@canonical.com>2014-01-27 16:40:42 +0100
commit3de97ce9200e9fe96891e7e92ec83f0fc38d8693 (patch)
tree3a8a1c9694b29764b769badfadc9290c3ebab693 /src/gallium
parent4dd445f1cf80292f10eda53665cefc2a674d838d (diff)
translate: deal with size overflows by casting to ptrdiff_t
This was discovered as a result of the draw-elements-base-vertex-neg piglit test, which passes very negative offsets in, followed up by large indices. The nouveau code correctly adjusts the pointer, but the translate code needs to do the proper inverse correction. Similarly fix up the SSE code to do a 64-bit multiply to compute the proper offset. Signed-off-by: Ilia Mirkin <imirkin@alum.mit.edu> Reviewed-by: Brian Paul <brianp@vmware.com>
Diffstat (limited to 'src/gallium')
-rw-r--r--src/gallium/auxiliary/translate/translate_generic.c2
-rw-r--r--src/gallium/auxiliary/translate/translate_sse.c8
2 files changed, 7 insertions, 3 deletions
diff --git a/src/gallium/auxiliary/translate/translate_generic.c b/src/gallium/auxiliary/translate/translate_generic.c
index 5bf97db35d1..5ffce32ba70 100644
--- a/src/gallium/auxiliary/translate/translate_generic.c
+++ b/src/gallium/auxiliary/translate/translate_generic.c
@@ -638,7 +638,7 @@ static ALWAYS_INLINE void PIPE_CDECL generic_run_one( struct translate_generic *
}
src = tg->attrib[attr].input_ptr +
- tg->attrib[attr].input_stride * index;
+ (ptrdiff_t)tg->attrib[attr].input_stride * index;
copy_size = tg->attrib[attr].copy_size;
if(likely(copy_size >= 0))
diff --git a/src/gallium/auxiliary/translate/translate_sse.c b/src/gallium/auxiliary/translate/translate_sse.c
index a78ea916a8e..a72454a808a 100644
--- a/src/gallium/auxiliary/translate/translate_sse.c
+++ b/src/gallium/auxiliary/translate/translate_sse.c
@@ -1121,7 +1121,9 @@ static boolean init_inputs( struct translate_sse *p,
x86_cmovcc(p->func, tmp_EAX, buf_max_index, cc_AE);
}
- x86_imul(p->func, tmp_EAX, buf_stride);
+ x86_mov(p->func, p->tmp2_EDX, buf_stride);
+ x64_rexw(p->func);
+ x86_imul(p->func, tmp_EAX, p->tmp2_EDX);
x64_rexw(p->func);
x86_add(p->func, tmp_EAX, buf_base_ptr);
@@ -1207,7 +1209,9 @@ static struct x86_reg get_buffer_ptr( struct translate_sse *p,
x86_cmp(p->func, ptr, buf_max_index);
x86_cmovcc(p->func, ptr, buf_max_index, cc_AE);
- x86_imul(p->func, ptr, buf_stride);
+ x86_mov(p->func, p->tmp2_EDX, buf_stride);
+ x64_rexw(p->func);
+ x86_imul(p->func, ptr, p->tmp2_EDX);
x64_rexw(p->func);
x86_add(p->func, ptr, buf_base_ptr);
return ptr;