With all of the flipping and pitch twiddling and miptree layout involved in our blits, there are lots of ways for us to scribble outside of a buffer. Put in a check that we're not about to do so.
This catches a bug that glamor was running into. --- src/mesa/drivers/dri/i965/intel_blit.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/src/mesa/drivers/dri/i965/intel_blit.c b/src/mesa/drivers/dri/i965/intel_blit.c index 13cc777..9162b1f 100644 --- a/src/mesa/drivers/dri/i965/intel_blit.c +++ b/src/mesa/drivers/dri/i965/intel_blit.c @@ -391,6 +391,10 @@ intelEmitCopyBlit(struct brw_context *brw, assert(dst_x < dst_x2); assert(dst_y < dst_y2); + assert(src_offset + (src_y + h - 1) * abs(src_pitch) + + (w * cpp) <= src_buffer->size); + assert(dst_offset + (dst_y + h - 1) * abs(dst_pitch) + + (w * cpp) <= dst_buffer->size); BEGIN_BATCH_BLT_TILED(8, dst_y_tiled, src_y_tiled); -- 1.8.5.1 _______________________________________________ mesa-dev mailing list mesa-dev@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/mesa-dev
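Review bot: the new bounds asserts in intelEmitCopyBlit() leave out the x origin, so the last-row term (w * cpp) undercounts the furthest byte touched whenever the blit does not start at column 0. dst_x is already in scope (see assert(dst_x < dst_x2) just above), so the destination check should use (dst_x + w) * cpp for the final row, and the source check should do the same with its x origin. As written, a blit that is in range vertically but runs off the right-hand end of the last row of the buffer still passes. Two smaller points: these are assert()s, so they vanish in NDEBUG builds and only protect debug runs; if the intent is to stop the out-of-bounds write rather than just diagnose it, consider failing the blit and returning instead. And since the batch is emitted with dst_y_tiled / src_y_tiled, a short comment saying that the check uses a linear row-times-pitch model, and whether that bound is meant to hold for tiled buffers as well, would help the next reader.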