mesa/main: fix MultiDrawElements[BaseVertex] validation of primcount

primcount must be a GLsizei as in the signature for MultiDrawElements
or bad things can happen.

Furthermore, an error should be flagged when primcount is negative.

Curiously, this code used to work somewhat correctly even when primcount
was negative, because the loop that checks count[i] would iterate out of
bounds and almost certainly hit a negative value at some point.

Found by an ASAN error in
GL45-CTS.gtf32.GL3Tests.draw_elements_base_vertex.draw_elements_base_vertex_primcount

Note that the OpenGL spec seems to have s/primcount/drawcount/ at some
point, and the code still reflects the old language.

v2: provide the correct spec quotes (pointed out by Ian)

Cc: mesa-stable@lists.freedesktop.org
Reviewed-by: Marek Olšák <marek.olsak@amd.com> (v1)
Reviewed-by: Ian Romanick <ian.d.romanick@intel.com>

diff --git a/src/mesa/main/api_validate.c b/src/mesa/main/api_validate.c
index 184bf14..44d164a 100644 (file)
--- a/src/mesa/main/api_validate.c
+++ b/src/mesa/main/api_validate.c
@@ -724,12 +724,32 @@ GLboolean
 _mesa_validate_MultiDrawElements(struct gl_context *ctx,
                                  GLenum mode, const GLsizei *count,
                                  GLenum type, const GLvoid * const *indices,
-                                 GLuint primcount)
+                                 GLsizei primcount)
 {
-   unsigned i;
+   GLsizei i;
 
    FLUSH_CURRENT(ctx, 0);
 
+   /*
+    * Section 2.3.1 (Errors) of the OpenGL 4.5 (Core Profile) spec says:
+    *
+    *    "If a negative number is provided where an argument of type sizei or
+    *     sizeiptr is specified, an INVALID_VALUE error is generated."
+    *
+    * and in the same section:
+    *
+    *    "In other cases, there are no side effects unless otherwise noted;
+    *     the command which generates the error is ignored so that it has no
+    *     effect on GL state or framebuffer contents."
+    *
+    * Hence, check both primcount and all the count[i].
+    */
+   if (primcount < 0) {
+      _mesa_error(ctx, GL_INVALID_VALUE,
+                  "glMultiDrawElements(primcount=%d)", primcount);
+      return GL_FALSE;
+   }
+
    for (i = 0; i < primcount; i++) {
       if (count[i] < 0) {
          _mesa_error(ctx, GL_INVALID_VALUE,

diff --git a/src/mesa/main/api_validate.h b/src/mesa/main/api_validate.h
index e94f02e..de520c9 100644 (file)
--- a/src/mesa/main/api_validate.h
+++ b/src/mesa/main/api_validate.h
@@ -57,7 +57,7 @@ extern GLboolean
 _mesa_validate_MultiDrawElements(struct gl_context *ctx,
                                  GLenum mode, const GLsizei *count,
                                  GLenum type, const GLvoid * const *indices,
-                                 GLuint primcount);
+                                 GLsizei primcount);
 
 extern GLboolean
 _mesa_validate_DrawRangeElements(struct gl_context *ctx, GLenum mode,