summaryrefslogtreecommitdiffstats
path: root/src/mesa/main/pbo.c
diff options
context:
space:
mode:
authornobled <[email protected]>2011-10-19 06:35:53 +0000
committernobled <[email protected]>2011-12-08 21:23:59 +0000
commiteefff37060de8c2e98c687c9263e783dfe3ac8cc (patch)
tree3fda2ed799c06e0cdcdd07454aa04df0134ebfd6 /src/mesa/main/pbo.c
parent4a2b9b53052a74e71aac59592e95e3910b5b7da5 (diff)
mesa,intel: use _mesa_image_offset() for PBOs
This avoids forming invalid pointers needlessly, which even if never dereferenced is undefined behavior. It also makes _mesa_validate_pbo_access() more comprehensible. Reviewed-by: Brian Paul <[email protected]>
Diffstat (limited to 'src/mesa/main/pbo.c')
-rw-r--r--src/mesa/main/pbo.c29
1 files changed, 16 insertions, 13 deletions
diff --git a/src/mesa/main/pbo.c b/src/mesa/main/pbo.c
index 41ff2ff44f9..d8fa9191dc5 100644
--- a/src/mesa/main/pbo.c
+++ b/src/mesa/main/pbo.c
@@ -68,8 +68,8 @@ _mesa_validate_pbo_access(GLuint dimensions,
GLenum format, GLenum type, GLsizei clientMemSize,
const GLvoid *ptr)
{
- const GLvoid *start, *end, *offset;
- const GLubyte *sizeAddr; /* buffer size, cast to a pointer */
+ /* unsigned, to detect overflow/wrap-around */
+ uintptr_t start, end, offset, size;
/* If no PBO is bound, 'ptr' is a pointer to client memory containing
'clientMemSize' bytes.
@@ -78,10 +78,10 @@ _mesa_validate_pbo_access(GLuint dimensions,
*/
if (!_mesa_is_bufferobj(pack->BufferObj)) {
offset = 0;
- sizeAddr = ((const GLubyte *) 0) + clientMemSize;
+ size = clientMemSize;
} else {
- offset = ptr;
- sizeAddr = ((const GLubyte *) 0) + pack->BufferObj->Size;
+ offset = (uintptr_t)ptr;
+ size = pack->BufferObj->Size;
/* The ARB_pixel_buffer_object spec says:
* "INVALID_OPERATION is generated by ColorTable, ColorSubTable,
* ConvolutionFilter2D, ConvolutionFilter1D, SeparableFilter2D,
@@ -93,27 +93,30 @@ _mesa_validate_pbo_access(GLuint dimensions,
* parameter."
*/
if (type != GL_BITMAP &&
- ((GLintptr)offset % _mesa_sizeof_packed_type(type)))
+ (offset % _mesa_sizeof_packed_type(type)))
return GL_FALSE;
}
- if (sizeAddr == 0)
+ if (size == 0)
/* no buffer! */
return GL_FALSE;
/* get the offset to the first pixel we'll read/write */
- start = _mesa_image_address(dimensions, pack, offset, width, height,
- format, type, 0, 0, 0);
+ start = _mesa_image_offset(dimensions, pack, width, height,
+ format, type, 0, 0, 0);
/* get the offset to just past the last pixel we'll read/write */
- end = _mesa_image_address(dimensions, pack, offset, width, height,
- format, type, depth-1, height-1, width);
+ end = _mesa_image_offset(dimensions, pack, width, height,
+ format, type, depth-1, height-1, width);
- if ((const GLubyte *) start > sizeAddr) {
+ start += offset;
+ end += offset;
+
+ if (start > size) {
/* This will catch negative values / wrap-around */
return GL_FALSE;
}
- if ((const GLubyte *) end > sizeAddr) {
+ if (end > size) {
/* Image read/write goes beyond end of buffer */
return GL_FALSE;
}