On Sat, Mar 9, 2013 at 1:35 PM, Jose Fonseca <[email protected]> wrote:
>
>
> ----- Original Message -----
>> On Sat, Mar 9, 2013 at 12:30 PM, Jose Fonseca <[email protected]> wrote:
>> > Looks a sensible thing to do.
>> >
>> > Reviewed-by: Jose Fonseca <[email protected]>
>> >
>>
>> Thanks for the review.
>>
>> > Any insight how the caller can be fixed so that this doesn't happen?
>>
>> It happens to me when draw stages add more samplers on top of the max
>> samplers from the application.
>
> I see. Maybe it would be safer if draw module just passed things through (and
> warn) on those circumstances.

I'm really trying to fix a possible security problem here, so a warning
won't do it. All the gallium drivers I looked at will get an overflow in
some way if the state tracker gives you > PIPE_MAX_SAMPLERS samplers.

> Do real apps stress this, or just tests?
>

Real apps definitely exercise this, but I couldn't tell you which; I got
it in a Chrome OS crash report, and I found it because subsequent members
of the struct get nullified by the aaline draw stage which leads to
crashes.

> Another alternative would be for drivers that always depend on draw to
> advertise one less stage..

Maybe, but that sounds much less flexible.

Stéphane
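The failure mode discussed in this thread, shown with the bounds checks that prevent it. This is an added example, not part of the original message and not Mesa's code: `struct ctx`, `bind_samplers`, `stage_add_sampler` and `MAX_SAMPLERS` are hypothetical names, and the limit of 16 is a constructed value standing in for `PIPE_MAX_SAMPLERS`.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define MAX_SAMPLERS 16 /* constructed limit, stands in for PIPE_MAX_SAMPLERS */

/* Hypothetical driver context: a fixed sampler table followed by other state. */
struct ctx {
    void    *samplers[MAX_SAMPLERS];
    unsigned num_samplers;
    void    *rasterizer; /* a member that an out-of-bounds store would clobber */
};

/* Bind `count` sampler states. A count above the table size is rejected
 * before any store happens, so the members after the array stay intact.
 * Returns the number of samplers bound, or -1 on rejection. */
int bind_samplers(struct ctx *c, unsigned count, void **states)
{
    if (count > MAX_SAMPLERS)
        return -1;
    memcpy(c->samplers, states, count * sizeof(*states));
    /* Clear the unused tail so stale pointers are never sampled. */
    memset(c->samplers + count, 0, (MAX_SAMPLERS - count) * sizeof(*states));
    c->num_samplers = count;
    return (int)count;
}

/* A draw stage that wants one extra sampler on top of the application's.
 * When the application already uses every slot there is no room: report
 * failure so the caller can fall back, instead of writing slot MAX_SAMPLERS. */
int stage_add_sampler(struct ctx *c, void *extra)
{
    if (c->num_samplers >= MAX_SAMPLERS)
        return -1;
    c->samplers[c->num_samplers] = extra;
    return (int)++c->num_samplers;
}

int main(void)
{
    struct ctx c = {0};
    void *app[MAX_SAMPLERS]; /* constructed application sampler states */
    int stage_state = 0;
    for (unsigned i = 0; i < MAX_SAMPLERS; i++)
        app[i] = &app[i];
    printf("bind max: %d\n", bind_samplers(&c, MAX_SAMPLERS, app));
    printf("stage add on full table: %d\n", stage_add_sampler(&c, &stage_state));
    return 0;
}
```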
