KonstantinSeurer
/
mesa
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

vbo/dlist: do not try to pad an empty draw 

In the case where u_index_generator returns zero new vertices, we never
filled tmp_indices before trying to duplicate the last veretx. This
causes us to read unitialized memory.

This fixes a Valgrind issue triggering in glxgears on Zink:

---8<---
==296461== Invalid read of size 2
==296461==    at 0x570F335: compile_vertex_list (vbo_save_api.c:733)
==296461==    by 0x570FEFB: wrap_buffers (vbo_save_api.c:1021)
==296461==    by 0x571050A: upgrade_vertex (vbo_save_api.c:1134)
==296461==    by 0x571050A: fixup_vertex (vbo_save_api.c:1251)
==296461==    by 0x57114D1: _save_Normal3f (vbo_attrib_tmp.h:315)
==296461==    by 0x10B750: ??? (in /usr/bin/glxgears)
==296461==    by 0x10A2CC: ??? (in /usr/bin/glxgears)
==296461==    by 0x4B3F30F: (below main) (in /usr/lib/libc.so.6)
==296461==  Address 0x11ca23de is 2 bytes before a block of size 1,968 alloc'd
==296461==    at 0x4845899: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==296461==    by 0x570E647: compile_vertex_list (vbo_save_api.c:604)
==296461==    by 0x570FEFB: wrap_buffers (vbo_save_api.c:1021)
==296461==    by 0x571050A: upgrade_vertex (vbo_save_api.c:1134)
==296461==    by 0x571050A: fixup_vertex (vbo_save_api.c:1251)
==296461==    by 0x57114D1: _save_Normal3f (vbo_attrib_tmp.h:315)
==296461==    by 0x10B750: ??? (in /usr/bin/glxgears)
==296461==    by 0x10A2CC: ??? (in /usr/bin/glxgears)
==296461==    by 0x4B3F30F: (below main) (in /usr/lib/libc.so.6)
---8<---

Fixes: dcbf2423d2 ("vbo/dlist: add vertices to incomplete primitives")
Reviewed-by: Marek Olšák <marek.olsak@amd.com>
Part-of: <https://gitlab.freedesktop.org/mesa/mesa/-/merge_requests/15633>
This commit is contained in:
Erik Faye-Lund 2022-03-29 12:38:46 +02:00
parent b784910ac7
commit 83ed40cdcd
1 changed files with 8 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
src/mesa/vbo/vbo_save_api.c
View File

@ -727,12 +727,14 @@ compile_vertex_list(struct gl_context *ctx)
}
/* Duplicate the last vertex for incomplete primitives */
unsigned min_vert = u_prim_vertex_count(mode)->min;
for (unsigned j = vertex_count; j < min_vert; j++) {
indices[idx++] = add_vertex(save, vertex_to_index,
converted_prim ? CAST_INDEX(tmp_indices, index_size, vertex_count - 1) :
original_prims[i].start + vertex_count - 1,
temp_vertices_buffer, &max_index);
if (vertex_count > 0) {
unsigned min_vert = u_prim_vertex_count(mode)->min;
for (unsigned j = vertex_count; j < min_vert; j++) {
indices[idx++] = add_vertex(save, vertex_to_index,
converted_prim ? CAST_INDEX(tmp_indices, index_size, vertex_count - 1) :
original_prims[i].start + vertex_count - 1,
temp_vertices_buffer, &max_index);
}
}
#undef CAST_INDEX