The size of the pool is slightly smaller than the size of the
structure containing the whole pool. We need to take that into account
on when setting up the internals.
Fixes a crash due to out of bound memory access in:
dEQP-VK.api.descriptor_pool.out_of_pool_memory
Signed-off-by: Lionel Landwerlin <lionel.g.landwer...@intel.com>
---
src/intel/vulkan/anv_descriptor_set.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/src/intel/vulkan/anv_descriptor_set.c
b/src/intel/vulkan/anv_descriptor_set.c
index 52a91fa25c..d31d8e4565 100644
--- a/src/intel/vulkan/anv_descriptor_set.c
+++ b/src/intel/vulkan/anv_descriptor_set.c
@@ -332,21 +332,21 @@ VkResult anv_CreateDescriptorPool(
}
}
- const size_t size =
- sizeof(*pool) +
+ const size_t pool_size =
pCreateInfo->maxSets * sizeof(struct anv_descriptor_set) +
descriptor_count * sizeof(struct anv_descriptor) +
buffer_count * sizeof(struct anv_buffer_view);
+ const size_t total_size = sizeof(*pool) + pool_size;
fprintf(stderr, "CreatePool buffer_count=%u desc_count=%u maxSets=%u
size=%u\n",
descriptor_count, buffer_count, pCreateInfo->maxSets, size=%u);
- pool = vk_alloc2(&device->alloc, pAllocator, size, 8,
+ pool = vk_alloc2(&device->alloc, pAllocator, total_size, 8,
VK_SYSTEM_ALLOCATION_SCOPE_OBJECT);
if (!pool)
return vk_error(VK_ERROR_OUT_OF_HOST_MEMORY);
- pool->size = size;
+ pool->size = pool_size;
pool->next = 0;
pool->free_list = EMPTY;
--
2.11.0
_______________________________________________
mesa-dev mailing list
mesa-dev@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/mesa-dev
