x11_surface_get_formats() is currently asserting that the number of
elements in pSurfaceFormats must be greater than or equal to the number
of formats available. This is buggy because pSurfaceFormatsCount
elements are later copied from the internal formats' array, so if
pSurfaceFormatCount is greater, it will overflow it.
On top of that, this assertion violates the spec. From the Vulkan 1.0
(revision 32, with KHR extensions), page 579 of the PDF:
"If pSurfaceFormats is NULL, then the number of format pairs supported
for the given surface is returned in pSurfaceFormatCount. Otherwise,
pSurfaceFormatCount must point to a variable set by the user to the
number of elements in the pSurfaceFormats array, and on return the
variable is overwritten with the number of structures actually written
to pSurfaceFormats. If the value of pSurfaceFormatCount is less than
the number of format pairs supported, at most pSurfaceFormatCount
structures will be written. If pSurfaceFormatCount is smaller than
the number of format pairs supported for the given surface,
VK_INCOMPLETE will be returned instead of VK_SUCCESS to indicate that
not all the available values were returned."
So, the correct behavior is: if pSurfaceFormatCount is greater than the
internal number of formats, it is clamped to that many formats. But
if it is lesser than that, then pSurfaceFormatCount elements are copied,
and the call returns VK_INCOMPLETE.
Reviewed-by: Dave Airlie <airlied@redhat.com>
return VK_SUCCESS;
}
- assert(*pSurfaceFormatCount >= ARRAY_SIZE(formats));
+ VkResult result = VK_SUCCESS;
+
+ if (*pSurfaceFormatCount > ARRAY_SIZE(formats))
+ *pSurfaceFormatCount = ARRAY_SIZE(formats);
+ else if (*pSurfaceFormatCount < ARRAY_SIZE(formats))
+ result = VK_INCOMPLETE;
+
typed_memcpy(pSurfaceFormats, formats, *pSurfaceFormatCount);
- *pSurfaceFormatCount = ARRAY_SIZE(formats);
- return VK_SUCCESS;
+ return result;
}
static VkResult