xf86-video-intel: src/i965_render.c

Chris Wilson ickle at kemper.freedesktop.org
Tue Dec 8 05:52:43 PST 2009


 src/i965_render.c |    3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

New commits:
commit 47416b1eea09b238a997636d35998d71e0d18161
Author: Chris Wilson <chris at chris-wilson.co.uk>
Date:   Tue Dec 8 13:47:07 2009 +0000

    i965: Maximum number of vertices per composite is 24, not 18
    
    Beware the potential buffer overflow.
    
    Signed-off-by: Chris Wilson <chris at chris-wilson.co.uk>

diff --git a/src/i965_render.c b/src/i965_render.c
index 62e17e4..10ed561 100644
--- a/src/i965_render.c
+++ b/src/i965_render.c
@@ -1682,7 +1682,7 @@ i965_composite(PixmapPtr dest, int srcX, int srcY, int maskX, int maskY,
 	float src_x[3], src_y[3], src_w[3], mask_x[3], mask_y[3], mask_w[3];
 	int i;
 	drm_intel_bo *vb_bo;
-	float vb[18];
+	float vb[24]; /* 3 * (2 dst + 3 src + 3 mask) */
 	Bool is_affine = render_state->composite_op.is_affine;
 
 	if (is_affine) {
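Review bot: The `vb[24]` bound in this hunk is tied to the fill code only by its comment, and the second hunk drops the sole check on `i`, so nothing verifies that the per-vertex writes stayed inside `vb` before `drm_intel_bo_subdata` copies `i * 4` bytes from it. Instead of deleting the assert, compare against the array itself with `assert(i <= (int)(sizeof(vb) / sizeof(vb[0])));` just before the `drm_intel_bo_subdata` call, which keeps a debug-time tripwire if another per-vertex component is added later. Naming the per-vertex float count in a constant used for the declaration would also keep the size and the comment from drifting apart. i965_composite begins and ends outside both hunks, so the full set of writes to `vb` is not visible here.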
@@ -1801,7 +1801,6 @@ i965_composite(PixmapPtr dest, int srcX, int srcY, int maskX, int maskY,
 		if (!is_affine)
 			vb[i++] = mask_w[0];
 	}
-	assert(i <= VERTEX_BUFFER_SIZE);
 	drm_intel_bo_subdata(vb_bo, render_state->vb_offset * 4, i * 4, vb);
 
 	if (!i965_composite_check_aperture(scrn))

