Kristian Høgsberg <k...@bitplanet.net> writes: > +static __DRIimage * > +intel_create_sub_image(__DRIimage *parent, > + int width, int height, int dri_format, > + int offset, int pitch, void *loaderPrivate) > +{ > + __DRIimage *image; > + > + image = intel_allocate_image(dri_format, loaderPrivate); > + > + image->region = calloc(sizeof(*image->region), 1); > + if (image->region == NULL) { > + FREE(image); > + return NULL; > + } > + > + image->region->cpp = _mesa_get_format_bytes(image->format); > + image->region->width = width; > + image->region->height = height; > + image->region->pitch = pitch; > + image->region->refcount = 1; > + image->region->bo = parent->region->bo; > + drm_intel_bo_reference(image->region->bo); > + image->region->tiling = parent->region->tiling; > + image->offset = offset; > + > + return image; > +}
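Review bot: the pointer returned by intel_allocate_image() is dereferenced in the very next statement (image->region = calloc(...)) with no NULL check, even though the calloc failure right after it is handled. If the allocator can fail, add "if (image == NULL) return NULL;" before touching image->region. parent and parent->region are also read without a check when bo and tiling are copied. As a style point, calloc(sizeof(*image->region), 1) passes the size as the element count; calloc(1, sizeof(*image->region)) is the conventional argument order.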
I would be a lot more comfortable if there was some validation that offset + height * pitch was within the buffer object referenced, at least. There's also (offset % tile_width) != 0 possibility, but at least it wouldn't involve rendering outside the BO afaik. image->region->screen isn't set, so if intel_query_image() is callable on it, it would segfault. Seems like that ought to be fixed.
_______________________________________________ mesa-dev mailing list mesa-dev@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/mesa-dev
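The bounds validation asked for in the reply above, sketched as an added example (not Mesa code and not part of the original thread). sub_image_fits(), bo_size and tile_width are hypothetical names; the row-width check against pitch goes slightly beyond what the reply lists.

```c
#include <stdbool.h>
#include <stdint.h>

/* Hypothetical helper, not from the Mesa tree.
 * bo_size:    size in bytes of the parent buffer object (assumed known).
 * tile_width: tile row width in bytes, 0 for a linear buffer (assumed). */
bool
sub_image_fits(int width, int height, int cpp,
               int offset, int pitch,
               uint64_t bo_size, uint32_t tile_width)
{
   /* The parameters are signed ints supplied by the loader: reject
    * negative or zero values before doing any arithmetic on them. */
   if (width <= 0 || height <= 0 || cpp <= 0 || pitch <= 0 || offset < 0)
      return false;

   /* A row of width * cpp bytes has to fit inside one pitch. */
   if ((uint64_t)width * (uint64_t)cpp > (uint64_t)pitch)
      return false;

   /* On a tiled buffer the sub-image must start on a tile boundary,
    * i.e. the (offset % tile_width) != 0 case is refused. */
   if (tile_width != 0 && ((uint32_t)offset % tile_width) != 0)
      return false;

   /* offset + height * pitch, computed in 64 bits. Every operand is a
    * positive int (< 2^31), so the product is < 2^62 and the sum cannot
    * wrap, which it could if this were evaluated in plain int. */
   uint64_t end = (uint64_t)offset + (uint64_t)height * (uint64_t)pitch;

   return end <= bo_size;
}

int
main(void)
{
   /* Constructed values: 64x64, 4 bytes per pixel, 16 KiB linear BO. */
   bool fits = sub_image_fits(64, 64, 4, 0, 256, 16384, 0);
   bool past_end = sub_image_fits(64, 64, 4, 256, 256, 16384, 0);

   return (fits && !past_end) ? 0 : 1;
}
```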