In get_tex_memcpy, when copying texture data directly from source
to destination (when row strides match for both src and dst), the
block size is currently calculated as 'bytes-per-row * image-height',
ignoring the given y-offset argument.
This can cause a read past the end of the mapped buffer, leading to
a segfault.
Fixes CTS test (from crash to pass):
* GL45-CTS/get_texture_sub_image/functional_test
---
src/mesa/main/texgetimage.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/mesa/main/texgetimage.c b/src/mesa/main/texgetimage.c
index b900278..a783ed5 100644
--- a/src/mesa/main/texgetimage.c
+++ b/src/mesa/main/texgetimage.c
@@ -654,7 +654,7 @@ get_tex_memcpy(struct gl_context *ctx,
if (src) {
if (bytesPerRow == dstRowStride && bytesPerRow == srcRowStride) {
- memcpy(dst, src, bytesPerRow * texImage->Height);
+ memcpy(dst, src, bytesPerRow * (texImage->Height - yoffset));
}
else {
GLuint row;
--
2.10.2
_______________________________________________
mesa-dev mailing list
mesa-dev@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/mesa-dev
