vbo/dlist: do not try to pad an empty draw

In the case where u_index_generator returns zero new vertices, we never filled tmp_indices before trying to duplicate the last veretx. This causes us to read unitialized memory. This fixes a Valgrind issue triggering in glxgears on Zink: ---8<--- ==296461== Invalid read of size 2 ==296461== at 0x570F335: compile_vertex_list (vbo_save_api.c:733) ==296461== by 0x570FEFB: wrap_buffers (vbo_save_api.c:1021) ==296461== by 0x571050A: upgrade_vertex (vbo_save_api.c:1134) ==296461== by 0x571050A: fixup_vertex (vbo_save_api.c:1251) ==296461== by 0x57114D1: _save_Normal3f (vbo_attrib_tmp.h:315) ==296461== by 0x10B750: ??? (in /usr/bin/glxgears) ==296461== by 0x10A2CC: ??? (in /usr/bin/glxgears) ==296461== by 0x4B3F30F: (below main) (in /usr/lib/libc.so.6) ==296461== Address 0x11ca23de is 2 bytes before a block of size 1,968 alloc'd ==296461== at 0x4845899: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==296461== by 0x570E647: compile_vertex_list (vbo_save_api.c:604) ==296461== by 0x570FEFB: wrap_buffers (vbo_save_api.c:1021) ==296461== by 0x571050A: upgrade_vertex (vbo_save_api.c:1134) ==296461== by 0x571050A: fixup_vertex (vbo_save_api.c:1251) ==296461== by 0x57114D1: _save_Normal3f (vbo_attrib_tmp.h:315) ==296461== by 0x10B750: ??? (in /usr/bin/glxgears) ==296461== by 0x10A2CC: ??? (in /usr/bin/glxgears) ==296461== by 0x4B3F30F: (below main) (in /usr/lib/libc.so.6) ---8<--- Fixes: dcbf2423d2 ("vbo/dlist: add vertices to incomplete primitives") Reviewed-by: Marek Olšák <marek.olsak@amd.com> Part-of: <https://gitlab.freedesktop.org/mesa/mesa/-/merge_requests/15633> (cherry picked from commit 83ed40cdcd)
2026-05-05 07:28:11 +02:00 · 2022-03-29 12:38:46 +02:00 · 2022-03-29 12:38:46 +02:00 · b928a28c0d
commit b928a28c0d
parent 87a3c6ea7b
2 changed files with 9 additions and 7 deletions
--- a/.pick_status.json
+++ b/.pick_status.json
@ -6588,7 +6588,7 @@
        "description": "vbo/dlist: do not try to pad an empty draw",
        "nominated": true,
        "nomination_type": 1,
-        "resolution": 0,
+        "resolution": 1,
        "because_sha": "dcbf2423d284b7bf2d0dc3e622c73de00c7d5bf4"
    },
    {
--- a/src/mesa/vbo/vbo_save_api.c
+++ b/src/mesa/vbo/vbo_save_api.c
@ -727,12 +727,14 @@ compile_vertex_list(struct gl_context *ctx)
      }

      /* Duplicate the last vertex for incomplete primitives */
-      unsigned min_vert = u_prim_vertex_count(mode)->min;
-      for (unsigned j = vertex_count; j < min_vert; j++) {
-         indices[idx++] = add_vertex(save, vertex_to_index,
-                                     converted_prim ? CAST_INDEX(tmp_indices, index_size, vertex_count - 1) :
-                                                      original_prims[i].start + vertex_count - 1,
-                                     temp_vertices_buffer, &max_index);
+      if (vertex_count > 0) {
+         unsigned min_vert = u_prim_vertex_count(mode)->min;
+         for (unsigned j = vertex_count; j < min_vert; j++) {
+            indices[idx++] = add_vertex(save, vertex_to_index,
+                                       converted_prim ? CAST_INDEX(tmp_indices, index_size, vertex_count - 1) :
+                                                         original_prims[i].start + vertex_count - 1,
+                                       temp_vertices_buffer, &max_index);
+         }
      }

 #undef CAST_INDEX