summaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
authorBrian Paul <brian.paul@tungstengraphics.com>2008-12-17 18:52:10 -0700
committerBrian Paul <brian.paul@tungstengraphics.com>2008-12-17 18:52:10 -0700
commitd1c8af7c0a18340fdde45ade6f612939a3c8e62a (patch)
tree71b75df9895ee6f4ca28196a637613e43616bcef /src
parentf0b0794b3885a2fdfb168ec4521c7b5e942d3228 (diff)
gallium: fix memory corruption in u_gen_mipmap.c
Remove the old/initial vbuf allocation in util_create_gen_mipmap(). We were allocating a small vbuf at this point so get_next_slot() didn't have as large of buffer as it expected. So all but the first set_vertex_data() was writing out of bounds. Also added some comments.
Diffstat (limited to 'src')
-rw-r--r--src/gallium/auxiliary/util/u_gen_mipmap.c19
1 files changed, 9 insertions, 10 deletions
diff --git a/src/gallium/auxiliary/util/u_gen_mipmap.c b/src/gallium/auxiliary/util/u_gen_mipmap.c
index 5f395ec6e9..5afc52ba35 100644
--- a/src/gallium/auxiliary/util/u_gen_mipmap.c
+++ b/src/gallium/auxiliary/util/u_gen_mipmap.c
@@ -760,15 +760,6 @@ util_create_gen_mipmap(struct pipe_context *pipe,
/* fragment shader */
ctx->fs = util_make_fragment_tex_shader(pipe, &ctx->frag_shader);
- ctx->vbuf = pipe_buffer_create(pipe->screen,
- 32,
- PIPE_BUFFER_USAGE_VERTEX,
- sizeof(ctx->vertices));
- if (!ctx->vbuf) {
- FREE(ctx);
- return NULL;
- }
-
/* vertex data that doesn't change */
for (i = 0; i < 4; i++) {
ctx->vertices[i][0][2] = 0.0f; /* z */
@@ -777,11 +768,18 @@ util_create_gen_mipmap(struct pipe_context *pipe,
ctx->vertices[i][1][3] = 1.0f; /* q */
}
+ /* Note: the actual vertex buffer is allocated as needed below */
+
return ctx;
}
-static unsigned get_next_slot( struct gen_mipmap_state *ctx )
+/**
+ * Get next "slot" of vertex space in the vertex buffer.
+ * We're allocating one large vertex buffer and using it piece by piece.
+ */
+static unsigned
+get_next_slot(struct gen_mipmap_state *ctx)
{
const unsigned max_slots = 4096 / sizeof ctx->vertices;
@@ -798,6 +796,7 @@ static unsigned get_next_slot( struct gen_mipmap_state *ctx )
return ctx->vbuf_slot++ * sizeof ctx->vertices;
}
+
static unsigned
set_vertex_data(struct gen_mipmap_state *ctx, float width, float height)
{