mesa/src/gallium/drivers
Patrick Lerda 4439dc7e23 r600: fix r600_draw_vbo() buffer overflow
The previous implementation was copying the data using the
aligned length (size_dw). The aligned length could overflow
the original buffer size.

For instance, this issue is triggered with "piglit/bin/draw-batch -auto -fbo":
==5736==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7fff139c77e8 at pc 0x7f25b350a9a0 bp 0x7fff139c6cb0 sp 0x7fff139c6460
READ of size 8 at 0x7fff139c77e8 thread T0
    #0 0x7f25b350a99f in __interceptor_memcpy (/usr/lib64/libasan.so.6+0x3c99f)
    #1 0x7f25a8fcdf24 in radeon_emit_array ../src/gallium/include/winsys/radeon_winsys.h:760
    #2 0x7f25a8fcdf24 in r600_draw_vbo ../src/gallium/drivers/r600/r600_state_common.c:2448
    #3 0x7f25a8ae7ba1 in u_vbuf_draw_vbo ../src/gallium/auxiliary/util/u_vbuf.c:1791
    #4 0x7f25a7bc18ca in _mesa_validated_drawrangeelements ../src/mesa/main/draw.c:1696
    #5 0x7f25a7bc7e53 in _mesa_DrawElements ../src/mesa/main/draw.c:1824

Fixes: 0cf5d1f226 ("gallium: remove PIPE_CAP_INFO_START_WITH_USER_INDICES and fix all drivers")
Signed-off-by: Patrick Lerda <patrick9876@free.fr>
Reviewed-by: Marek Olšák <marek.olsak@amd.com>
Part-of: <https://gitlab.freedesktop.org/mesa/mesa/-/merge_requests/23436>
(cherry picked from commit 340311dac9)
2023-06-07 11:14:20 +02:00
asahi asahi: Fix disk cache disable with AGX_MESA_DEBUG 2023-05-09 16:54:30 +01:00
crocus crocus: fix scratch_bos memory leak 2023-05-25 14:06:11 +01:00
d3d12 d3d12: Respect buffer offsets for sampler views 2023-04-19 14:37:56 +01:00
etnaviv etnaviv: update derived state after forced commandstream flush 2023-06-02 19:34:01 +01:00
freedreno freedreno/a6xx: Fix memory leak on error path. 2023-06-02 19:34:02 +01:00
i915 i915: use util_unreference_framebuffer_state to unref fb state 2023-05-05 19:05:45 +01:00
iris intel: Fix support of kernel versions without DRM_I915_QUERY_ENGINE_INFO 2023-06-02 19:34:01 +01:00
lima lima: fix refcnt imbalance related to framebuffer 2023-04-19 14:37:56 +01:00
llvmpipe llvmpipe: fixup refactor copypasta 2023-05-05 19:07:06 +01:00
nouveau nv50: Fix memory leak in error path 2023-06-07 11:14:20 +02:00
panfrost panfrost: Allocate shared memory in OpenCL 2023-04-13 01:49:33 +00:00
r300 r300: fix unconditional KIL on R300/R400 2023-04-26 17:37:27 +01:00
r600 r600: fix r600_draw_vbo() buffer overflow 2023-06-07 11:14:20 +02:00
radeonsi radeonsi: don't use SET_SH_REG_INDEX on gfx7-9 2023-06-07 11:14:20 +02:00
softpipe softpipe: use util_unreference_framebuffer_state to unref fb state 2023-05-05 19:05:49 +01:00
svga svga: use util_unreference_framebuffer_state to unref fb state 2023-05-05 19:05:54 +01:00
tegra tegra: Add support for get_screen_fd 2023-03-31 13:39:05 +00:00
v3d v3d: use util_unreference_framebuffer_state to unref fb state 2023-05-05 19:05:50 +01:00
vc4 vc4: use util_unreference_framebuffer_state to unref fb state 2023-05-05 19:05:51 +01:00
virgl virgl: Fix IB upload when a start >0 is given 2023-06-01 16:49:19 +01:00
zink zink: fix layout(local_size_variable) for vk1.3+ 2023-06-02 19:34:01 +01:00