From 5ebc14fc47a5e31b3c6be54142550bdf2ac093df Mon Sep 17 00:00:00 2001
From: Michal Krol <[email protected]>
Date: Fri, 9 Oct 2009 13:30:52 +0100
Subject: [PATCH] draw: Do an out-of-bounds check on array elements.

Do not draw a reduced primitive if any of its vertices
reaches outside of the vertex array.
---
 src/gallium/auxiliary/draw/draw_pipe.c |   68 
++++++++++++++++++++++---------
 1 files changed, 48 insertions(+), 20 deletions(-)

diff --git a/src/gallium/auxiliary/draw/draw_pipe.c 
b/src/gallium/auxiliary/draw/draw_pipe.c
index 1c6d657..5b88f00 100644
--- a/src/gallium/auxiliary/draw/draw_pipe.c
+++ b/src/gallium/auxiliary/draw/draw_pipe.c
@@ -158,37 +158,64 @@ static void do_triangle( struct draw_context *draw,
 
 
 
-#define QUAD(i0,i1,i2,i3)                       \
+#define QUAD(i0,i1,i2,i3) do 
{                                                \
+   uint e0 = 
(uint)elts[i0];                                                  \
+   uint e1 = 
(uint)elts[i1];                                                  \
+   uint e2 = 
(uint)elts[i2];                                                  \
+   uint e3 = 
(uint)elts[i3];                                                  \
+   if (e0 >= vertex_count || e1 >= vertex_count || e2 >= vertex_count 
||      \
+       e3 >= vertex_count) 
{                                                  \
+      
break;                                                                  \
+   
}                                                                          \
    do_triangle( draw,                           \
                 ( DRAW_PIPE_RESET_STIPPLE |     \
                   DRAW_PIPE_EDGE_FLAG_0 |       \
                   DRAW_PIPE_EDGE_FLAG_2 ),      \
-                verts + stride * elts[i0],      \
-                verts + stride * elts[i1],      \
-                verts + stride * elts[i3]);     \
+               verts + stride * 
e0,                                           \
+               verts + stride * 
e1,                                           \
+               verts + stride * 
e3);                                          \
    do_triangle( draw,                           \
                 ( DRAW_PIPE_EDGE_FLAG_0 |       \
                   DRAW_PIPE_EDGE_FLAG_1 ),      \
-                verts + stride * elts[i1],      \
-                verts + stride * elts[i2],      \
-                verts + stride * elts[i3])
-
-#define TRIANGLE(flags,i0,i1,i2)                                        \
+               verts + stride * 
e1,                                           \
+               verts + stride * 
e2,                                           \
+               verts + stride * 
e3);                                          \
+} while (0)
+
+#define TRIANGLE(flags,i0,i1,i2) do 
{                                         \
+   uint e0 = (uint)elts[i0] & 
~DRAW_PIPE_FLAG_MASK;                           \
+   uint e1 = 
(uint)elts[i1];                                                  \
+   uint e2 = 
(uint)elts[i2];                                                  \
+   if (e0 >= vertex_count || e1 >= vertex_count || e2 >= vertex_count) 
{      \
+      
break;                                                                  \
+   
}                                                                          \
    do_triangle( draw,                                                   \
                 elts[i0],  /* flags */                          \
-                verts + stride * (elts[i0] & ~DRAW_PIPE_FLAG_MASK),     \
-                verts + stride * elts[i1],                              \
-                verts + stride * elts[i2])
-
-#define LINE(flags,i0,i1)                                       \
+               verts + stride * 
e0,                                           \
+               verts + stride * 
e1,                                           \
+               verts + stride * 
e2);                                          \
+} while (0)
+
+#define LINE(flags,i0,i1) do 
{                                                \
+   uint e0 = (uint)elts[i0] & 
~DRAW_PIPE_FLAG_MASK;                           \
+   uint e1 = 
(uint)elts[i1];                                                  \
+   if (e0 >= vertex_count || e1 >= vertex_count) 
{                            \
+      
break;                                                                  \
+   
}                                                                          \
    do_line( draw,                                               \
             elts[i0],                                   \
-            verts + stride * (elts[i0] & ~DRAW_PIPE_FLAG_MASK), \
-            verts + stride * elts[i1])
-
-#define POINT(i0)                               \
+           verts + stride * 
e0,                                               \
+           verts + stride * 
e1);                                              \
+} while (0)
+
+#define POINT(i0) do 
{                                                        \
+   uint e0 = 
(uint)elts[i0];                                                  \
+   if (e0 >= vertex_count) 
{                                                  \
+      
break;                                                                  \
+   
}                                                                          \
    do_point( draw,                              \
-             verts + stride * elts[i0] )
+            verts + stride * 
e0);                                             \
+} while (0)
 
 #define FUNC pipe_run
 #define ARGS                                    \
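Review bot: The out-of-range branch in QUAD, TRIANGLE, LINE and POINT drops the primitive with a bare `break` and records nothing, so a malformed or hostile index buffer looks the same as a draw that was simply empty. A comment on the first guard, for example `/* index outside the vertex array: skip this primitive; break only leaves the do/while(0) wrapper */`, would state the intent, and a debug-build-only message or counter there would help anyone tracing missing geometry. The new locals `e0`..`e3` are also in scope when the macro arguments are evaluated, so an argument expression that mentions one of those names would read the uninitialised local. The call sites are outside this hunk, so confirm none does, or give the locals a less collision-prone prefix.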
@@ -203,7 +230,8 @@ static void do_triangle( struct draw_context *draw,
    boolean flatfirst = (draw->rasterizer->flatshade &&       \
                         draw->rasterizer->flatshade_first);  \
    unsigned i;                                               \
-   ushort flags
+   ushort flags;                                             \
+   uint vertex_count = draw->pipeline.vertex_count
 
 #define FLUSH
 
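Review bot: Every guard added in the first hunk trusts `draw->pipeline.vertex_count`, but neither hunk of this one-file patch assigns that field, so its correctness depends on code not shown here. If it is stale from an earlier run, the check can pass for indices beyond the current `verts` buffer; if it is left at zero, every primitive is dropped. Please confirm it is refreshed on every path that reaches this ARGS block and that it counts vertices at the same `stride` spacing used here. A comment at the declaration, such as `/* number of vertices in verts[]; set by the caller before each run */`, would document that contract. The ARGS macro begins outside the hunk.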
-- 
1.6.4.msysgit.0

