diff options
-rw-r--r-- | src/mesa/main/api_validate.c | 34 |
1 files changed, 27 insertions, 7 deletions
diff --git a/src/mesa/main/api_validate.c b/src/mesa/main/api_validate.c index 841c6a5302..18dead61c3 100644 --- a/src/mesa/main/api_validate.c +++ b/src/mesa/main/api_validate.c @@ -35,6 +35,7 @@ _mesa_validate_DrawElements(GLcontext *ctx, GLenum mode, GLsizei count, GLenum type, const GLvoid *indices) { + GLboolean mapped = GL_FALSE; ASSERT_OUTSIDE_BEGIN_END_WITH_RETVAL(ctx, GL_FALSE); if (count <= 0) { @@ -67,13 +68,19 @@ _mesa_validate_DrawElements(GLcontext *ctx, /* Vertex buffer object tests */ if (ctx->Array.ElementArrayBufferObj->Name) { GLuint indexBytes; + const GLvoid *map = ctx->Driver.MapBuffer(ctx, + GL_ELEMENT_ARRAY_BUFFER_ARB, + GL_READ_ONLY, + ctx->Array.ElementArrayBufferObj); /* use indices in the buffer object */ - if (!ctx->Array.ElementArrayBufferObj->Data) { + if (!map) { _mesa_warning(ctx, "DrawElements with empty vertex elements buffer!"); return GL_FALSE; } + mapped = GL_TRUE; + /* make sure count doesn't go outside buffer bounds */ if (type == GL_UNSIGNED_INT) { indexBytes = count * sizeof(GLuint); @@ -86,18 +93,18 @@ _mesa_validate_DrawElements(GLcontext *ctx, indexBytes = count * sizeof(GLushort); } - if ((GLubyte *) indices + indexBytes > - ctx->Array.ElementArrayBufferObj->Data + - ctx->Array.ElementArrayBufferObj->Size) { + if (ADD_POINTERS(map, indices) + indexBytes > + (GLubyte *)map + ctx->Array.ElementArrayBufferObj->Size) { _mesa_warning(ctx, "glDrawElements index out of buffer bounds"); + ctx->Driver.UnmapBuffer(ctx, + GL_ELEMENT_ARRAY_BUFFER_ARB, + ctx->Array.ElementArrayBufferObj); return GL_FALSE; } /* Actual address is the sum of pointers. Indices may be used below. */ if (ctx->Const.CheckArrayBounds) { - indices = (const GLvoid *) - ADD_POINTERS(ctx->Array.ElementArrayBufferObj->Data, - (const GLubyte *) indices); + indices = ADD_POINTERS(map, indices); } } else { @@ -126,12 +133,25 @@ _mesa_validate_DrawElements(GLcontext *ctx, if (((GLubyte *) indices)[i] > max) max = ((GLubyte *) indices)[i]; } + if (max >= ctx->Array._MaxElement) { /* the max element is out of bounds of one or more enabled arrays */ + if (mapped) { + ctx->Driver.UnmapBuffer(ctx, + GL_ELEMENT_ARRAY_BUFFER_ARB, + ctx->Array.ElementArrayBufferObj); + } + return GL_FALSE; } } + if (mapped) { + ctx->Driver.UnmapBuffer(ctx, + GL_ELEMENT_ARRAY_BUFFER_ARB, + ctx->Array.ElementArrayBufferObj); + } + return GL_TRUE; } |