On Mon, May 21, 2018 at 05:32:09PM -0700, Francisco Jerez wrote: > Otherwise the specified surface state will allow the GPU to access > memory up to BufferOffset bytes past the end of the buffer. Found by > inspection. > > v2: Protect against out-of-range BufferOffset (Nanley). > Cc: mesa-sta...@lists.freedesktop.org > --- > src/mesa/drivers/dri/i965/brw_wm_surface_state.c | 4 +++- > 1 file changed, 3 insertions(+), 1 deletion(-) > > diff --git a/src/mesa/drivers/dri/i965/brw_wm_surface_state.c > b/src/mesa/drivers/dri/i965/brw_wm_surface_state.c > index af629a17bfa..39e898243db 100644 > --- a/src/mesa/drivers/dri/i965/brw_wm_surface_state.c > +++ b/src/mesa/drivers/dri/i965/brw_wm_surface_state.c > @@ -647,6 +647,7 @@ buffer_texture_range_size(struct brw_context *brw, > const unsigned texel_size = > _mesa_get_format_bytes(obj->_BufferObjectFormat); > const unsigned buffer_size = (!obj->BufferObject ? 0 : > obj->BufferObject->Size); > + const unsigned buffer_offset = MIN2(buffer_size, obj->BufferOffset); >
Clamping the offset is a nice solution. This patch is Reviewed-by: Nanley Chery <nanley.g.ch...@intel.com> > /* The ARB_texture_buffer_specification says: > * > @@ -664,7 +665,8 @@ buffer_texture_range_size(struct brw_context *brw, > * so that when ISL divides by stride to obtain the number of texels, that > * texel count is clamped to MAX_TEXTURE_BUFFER_SIZE. > */ > - return MIN3((unsigned)obj->BufferSize, buffer_size, > + return MIN3((unsigned)obj->BufferSize, > + buffer_size - buffer_offset, > brw->ctx.Const.MaxTextureBufferSize * texel_size); > } > > -- > 2.16.1 > _______________________________________________ mesa-dev mailing list mesa-dev@lists.freedesktop.org https://lists.freedesktop.org/mailman/listinfo/mesa-dev
