In the case where u_index_generator returns zero new vertices, we never
filled tmp_indices before trying to duplicate the last vertex. This
causes us to read uninitialized memory.
This fixes a Valgrind issue triggering in glxgears on Zink:
---8<---
==296461== Invalid read of size 2
==296461== at 0x570F335: compile_vertex_list (vbo_save_api.c:733)
==296461== by 0x570FEFB: wrap_buffers (vbo_save_api.c:1021)
==296461== by 0x571050A: upgrade_vertex (vbo_save_api.c:1134)
==296461== by 0x571050A: fixup_vertex (vbo_save_api.c:1251)
==296461== by 0x57114D1: _save_Normal3f (vbo_attrib_tmp.h:315)
==296461== by 0x10B750: ??? (in /usr/bin/glxgears)
==296461== by 0x10A2CC: ??? (in /usr/bin/glxgears)
==296461== by 0x4B3F30F: (below main) (in /usr/lib/libc.so.6)
==296461== Address 0x11ca23de is 2 bytes before a block of size 1,968 alloc'd
==296461== at 0x4845899: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==296461== by 0x570E647: compile_vertex_list (vbo_save_api.c:604)
==296461== by 0x570FEFB: wrap_buffers (vbo_save_api.c:1021)
==296461== by 0x571050A: upgrade_vertex (vbo_save_api.c:1134)
==296461== by 0x571050A: fixup_vertex (vbo_save_api.c:1251)
==296461== by 0x57114D1: _save_Normal3f (vbo_attrib_tmp.h:315)
==296461== by 0x10B750: ??? (in /usr/bin/glxgears)
==296461== by 0x10A2CC: ??? (in /usr/bin/glxgears)
==296461== by 0x4B3F30F: (below main) (in /usr/lib/libc.so.6)
---8<---
Fixes: dcbf2423d28 ("vbo/dlist: add vertices to incomplete primitives")
Reviewed-by: Marek Olšák <marek.olsak@amd.com>
Part-of: <https://gitlab.freedesktop.org/mesa/mesa/-/merge_requests/15633>
}
/* Duplicate the last vertex for incomplete primitives */
- unsigned min_vert = u_prim_vertex_count(mode)->min;
- for (unsigned j = vertex_count; j < min_vert; j++) {
- indices[idx++] = add_vertex(save, vertex_to_index,
- converted_prim ? CAST_INDEX(tmp_indices, index_size, vertex_count - 1) :
- original_prims[i].start + vertex_count - 1,
- temp_vertices_buffer, &max_index);
+ if (vertex_count > 0) {
+ unsigned min_vert = u_prim_vertex_count(mode)->min;
+ for (unsigned j = vertex_count; j < min_vert; j++) {
+ indices[idx++] = add_vertex(save, vertex_to_index,
+ converted_prim ? CAST_INDEX(tmp_indices, index_size, vertex_count - 1) :
+ original_prims[i].start + vertex_count - 1,
+ temp_vertices_buffer, &max_index);
+ }
}
#undef CAST_INDEX
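Review bot: The new `if (vertex_count > 0)` guard carries no comment saying why a zero count has to be skipped, and the existing "Duplicate the last vertex" comment now reads as if the padding always happens. With a count of 0, `vertex_count - 1` in both the `CAST_INDEX(tmp_indices, index_size, vertex_count - 1)` arm and the `original_prims[i].start + vertex_count - 1` arm names an element before the first one, which matches the Valgrind report of a 2-byte read located 2 bytes before the allocated block. Suggest extending the comment to state that there is no last vertex to duplicate when the primitive produced none. It is also worth confirming that the code after this block handles a primitive that contributes zero indices, since in that case the loop no longer pads it up to `min_vert`.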