Reviewed-by: Laura Ekstrand <la...@jlekstrand.net> On Thu, Mar 5, 2015 at 12:20 AM, Eduardo Lima Mitev <el...@igalia.com> wrote:
> _mesa_validate_pbo_access() provides a generic way to check that a > requested pixel transfer operation on a PBO falls within the > boundaries of the buffer. It is used in various other places, and > depending on the caller, some arguments are used or not. > > In particular, the 'clientMemSize' argument is used only by calls > that are knowledgeable of the total size of the user data involved > in a pixel transfer, such as the case of compressed texture image > calls. Other calls don't provide 'clientMemSize' directly since it > is made implicit from the size and format of the texture, and its > data type. In these cases, a sufficiently big value is passed to > 'clientMemSize' (INT_MAX) to avoid an incorrect constrain. > > The problem is that _mesa_validate_pbo_access() use uint > pointers to make the calculations, which are 64 bits long in 64 > bits platforms, meanwhile the dummy INT_MAX passed in 'clientMemSize' > is just 32 bits. This causes a constrain that is not desired. > > This patch fixes that by checking that if 'clientMemSize' is MAX_INT, > then UINTPTR_MAX is assumed instead. > > This is an ugly workaround to the fact that _mesa_validate_pbo_access() > intends to be a one function fits all. The clean solution here would > be to break it into different functions that provide the adequate API > for each of the possible code paths and validation needs. > > Since there are callers relying on passing INT_MAX to 'clientMemSize', > this patch is necessary to deal with the problem above while a cleaner > implementation of the PBO API is not implemented. > --- > src/mesa/main/pbo.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/src/mesa/main/pbo.c b/src/mesa/main/pbo.c > index 5c906ed..259f763 100644 > --- a/src/mesa/main/pbo.c > +++ b/src/mesa/main/pbo.c > @@ -80,7 +80,7 @@ _mesa_validate_pbo_access(GLuint dimensions, > */ > if (!_mesa_is_bufferobj(pack->BufferObj)) { > offset = 0; > - size = clientMemSize; > + size = (clientMemSize == INT_MAX) ? UINTPTR_MAX : clientMemSize; > } else { > offset = (uintptr_t)ptr; > size = pack->BufferObj->Size; > -- > 2.1.3 > > _______________________________________________ > mesa-dev mailing list > mesa-dev@lists.freedesktop.org > http://lists.freedesktop.org/mailman/listinfo/mesa-dev >
_______________________________________________ mesa-dev mailing list mesa-dev@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/mesa-dev