From 3f0740e87c85974e18a2ebbdd095228637d8f865 Mon Sep 17 00:00:00 2001 From: Nicolai Hähnle Date: Fri, 21 Apr 2017 15:06:47 +0200 Subject: st/mesa: don't cast the incomplete framebufer to st_framebuffer MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The incomplete framebuffer is set for a surfaceless context. This leads to the following error in piglit spec@egl_khr_surfaceless_context@viewport: ==26703==ERROR: AddressSanitizer: global-buffer-overflow on address 0x7f6886e43240 at pc 0x7f68854db0fd bp 0x7ffca404b3b0 sp 0x7ffca404b3a0 READ of size 8 at 0x7f6886e43240 thread T0 #0 0x7f68854db0fc in st_viewport ../../../mesa-src/src/mesa/state_tracker/st_cb_viewport.c:57 #1 0x556840176cdb in main tests/egl/spec/egl_khr_surfaceless_context/viewport.c:101 #2 0x7f688edcf3f0 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x203f0) #3 0x556840176e19 in _start (/home/nha/amd/piglit/bin/egl-surfaceless-context-viewport+0xe19) 0x7f6886e43240 is located 32 bytes to the left of global variable 'DummyRenderbuffer' defined in '../../../mesa-src/src/mesa/main/fbobject.c:69:31' (0x7f6886e43260) of size 112 0x7f6886e43240 is located 8 bytes to the right of global variable 'IncompleteFramebuffer' defined in '../../../mesa-src/src/mesa/main/fbobject.c:73:30' (0x7f6886e42de0) of size 1112 SUMMARY: AddressSanitizer: global-buffer-overflow ../../../mesa-src/src/mesa/state_tracker/st_cb_viewport.c:57 in st_viewport Cc: mesa-stable@lists.freedesktop.org Reviewed-by: Marek Olšák (cherry picked from commit 19b61799e3d06795d783b34fdbbf8474ef1e9a7c) --- src/mesa/state_tracker/st_cb_fbo.h | 3 ++- src/mesa/state_tracker/st_manager.c | 3 ++- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/src/mesa/state_tracker/st_cb_fbo.h b/src/mesa/state_tracker/st_cb_fbo.h index d3e05547729..351fb9a02ef 100644 --- a/src/mesa/state_tracker/st_cb_fbo.h +++ b/src/mesa/state_tracker/st_cb_fbo.h @@ -85,7 +85,8 @@ static inline struct st_framebuffer * st_ws_framebuffer(struct gl_framebuffer *fb) { /* FBO cannot be casted. See st_new_framebuffer */ - if (fb && _mesa_is_winsys_fbo(fb)) + if (fb && _mesa_is_winsys_fbo(fb) && + fb != _mesa_get_incomplete_framebuffer()) return (struct st_framebuffer *) fb; return NULL; } diff --git a/src/mesa/state_tracker/st_manager.c b/src/mesa/state_tracker/st_manager.c index b9e46fd07e6..d8177f20e30 100644 --- a/src/mesa/state_tracker/st_manager.c +++ b/src/mesa/state_tracker/st_manager.c @@ -844,13 +844,14 @@ st_manager_flush_frontbuffer(struct st_context *st) struct st_framebuffer *stfb = st_ws_framebuffer(st->ctx->DrawBuffer); struct st_renderbuffer *strb = NULL; + assert(st->ctx->DrawBuffer != _mesa_get_incomplete_framebuffer()); + if (stfb) strb = st_renderbuffer(stfb->Base.Attachment[BUFFER_FRONT_LEFT].Renderbuffer); if (!strb) return; /* never a dummy fb */ - assert(&stfb->Base != _mesa_get_incomplete_framebuffer()); stfb->iface->flush_front(&st->iface, stfb->iface, ST_ATTACHMENT_FRONT_LEFT); } -- cgit v1.2.3