summaryrefslogtreecommitdiffstats
path: root/src/gallium/auxiliary/draw
diff options
context:
space:
mode:
Diffstat (limited to 'src/gallium/auxiliary/draw')
-rw-r--r--src/gallium/auxiliary/draw/draw_pt_vcache.c20
1 files changed, 14 insertions, 6 deletions
diff --git a/src/gallium/auxiliary/draw/draw_pt_vcache.c b/src/gallium/auxiliary/draw/draw_pt_vcache.c
index d856bd8bd3d..e9b2a3a7d04 100644
--- a/src/gallium/auxiliary/draw/draw_pt_vcache.c
+++ b/src/gallium/auxiliary/draw/draw_pt_vcache.c
@@ -347,16 +347,11 @@ vcache_check_run( struct draw_pt_front_end *frontend,
const unsigned min_index = draw->pt.user.min_index;
const unsigned max_index = draw->pt.user.max_index;
const unsigned index_size = draw->pt.user.eltSize;
- const unsigned fetch_count = max_index + 1 - min_index;
+ unsigned fetch_count;
const ushort *transformed_elts;
ushort *storage = NULL;
boolean ok = FALSE;
-
- if (0) debug_printf("fetch_count %d fetch_max %d draw_count %d\n", fetch_count,
- vcache->fetch_max,
- draw_count);
-
/* debug: verify indexes are in range [min_index, max_index] */
if (0) {
unsigned i;
@@ -377,6 +372,19 @@ vcache_check_run( struct draw_pt_front_end *frontend,
}
}
+ /* Note: max_index is frequently 0xffffffff so we have to be sure
+ * that any arithmetic involving max_index doesn't overflow!
+ */
+ if (max_index >= (unsigned) DRAW_PIPE_MAX_VERTICES)
+ goto fail;
+
+ fetch_count = max_index + 1 - min_index;
+
+ if (0)
+ debug_printf("fetch_count %d fetch_max %d draw_count %d\n", fetch_count,
+ vcache->fetch_max,
+ draw_count);
+
if (elt_bias + max_index >= DRAW_PIPE_MAX_VERTICES ||
fetch_count >= UNDEFINED_VERTEX_ID ||
fetch_count > draw_count) {