The pointer arithmetic overflow bug that led me to make commit b69c7c5dac, in addition to crashing Google Chrome, had another side-effect: It filled me with paranoia that i965 may be riddled with pointer arithmetic overflow.
So I went on a witch hunt. I grepped i965 for "->virtual\>" and "intel_miptree_map", looked closely for code that smelled like pointer arithmetic overflow, and proactively fixed the potential bug. The result is this patch series.

No Piglit change on Ivybridge GT2.

Patches are on my branch [1] 'i965-safer-pointer-arith'.

I think patch 3 is suitable for the stable branches. Let me know what you think about that.

[1] http://github.com/chadversary/mesa/tree/i965-safer-pointer-arith

Chad Versace (4):
  i965: Remove spurious casts in copy_image_with_memcpy()
  i965: Fix intel_miptree_map() signature to be more 64-bit safe
  i965: Use safer pointer arithmetic in intel_texsubimage_tiled_memcpy()
  i965: Use safer pointer arithmetic in gather_oa_results()

 src/mesa/drivers/dri/i965/brw_performance_monitor.c |  2 +-
 src/mesa/drivers/dri/i965/intel_copy_image.c        | 12 ++++++------
 src/mesa/drivers/dri/i965/intel_fbo.c               |  4 ++--
 src/mesa/drivers/dri/i965/intel_mipmap_tree.c       | 17 ++++++++++++++---
 src/mesa/drivers/dri/i965/intel_mipmap_tree.h       |  2 +-
 src/mesa/drivers/dri/i965/intel_tex.c               |  7 +++++--
 src/mesa/drivers/dri/i965/intel_tex_subimage.c      |  7 ++++---
 7 files changed, 33 insertions(+), 18 deletions(-)

--
2.1.0-rc0

_______________________________________________
mesa-dev mailing list
mesa-dev@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/mesa-dev