draw: check for integer overflows in instance computation

Integers could easily overflow is the starting instance was large enough. Instead of letting bogus counts through set the instance to max if it overflown and let our regular buffer overflow computation handle it. Signed-off-by: Zack Rusin <zackr@vmware.com>
2013-06-25 17:01:14 -04:00 · 2013-06-25 17:01:14 -04:00 · 88de009cc1
parent 2f13f28120
commit 88de009cc1
2 changed files with 7 additions and 0 deletions
--- a/src/gallium/auxiliary/draw/draw_llvm.c
+++ b/src/gallium/auxiliary/draw/draw_llvm.c
@ -768,6 +768,7 @@ generate_fetch(struct gallivm_state *gallivm,
                        lp_build_const_int32(
                           gallivm,
                           util_format_get_blocksize(velem->src_format)));
+   lp_build_printf(gallivm, "   instance_id = %u\n", instance_id);
   lp_build_printf(gallivm, "   stride = %u\n", stride);
   lp_build_printf(gallivm, "   buffer size = %u\n", buffer_size);
   lp_build_printf(gallivm, "   needed_buffer_size = %u\n", needed_buffer_size);
--- a/src/gallium/auxiliary/draw/draw_pt.c
+++ b/src/gallium/auxiliary/draw/draw_pt.c
@ -533,6 +533,12 @@ draw_vbo(struct draw_context *draw,

   for (instance = 0; instance < info->instance_count; instance++) {
      draw->instance_id = instance + info->start_instance;
+      /* check for overflow */
+      if (draw->instance_id < instance ||
+          draw->instance_id < info->start_instance) {
+         /* if we overflown just set the instance id to the max */
+         draw->instance_id = 0xffffffff;
+      }

      draw_new_instance(draw);