From: Pierre-Eric Pelloux-Prayer <pierre-eric.pelloux-prayer@amd.com>
Date: Wed, 8 Jun 2022 08:21:46 +0000 (+0200)
Subject: mesa: skip draws with invalid indices offset
X-Git-Tag: upstream/22.3.5~6531
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=5791826b1ac7085c8acf056abc279e66ca64eb55;p=platform%2Fupstream%2Fmesa.git

mesa: skip draws with invalid indices offset

It's easy to misuse glDrawElements and end up with an
invalid indices offset.
Since this can cause a hang, detect this case and skip
the draw.

Closes: https://gitlab.freedesktop.org/mesa/mesa/-/issues/6625
Reviewed-by: Marek Olšák <marek.olsak@amd.com>
Part-of: <https://gitlab.freedesktop.org/mesa/mesa/-/merge_requests/16662>
---

diff --git a/src/mesa/main/draw.c b/src/mesa/main/draw.c
index 15cef9e..0e2072b 100644
--- a/src/mesa/main/draw.c
+++ b/src/mesa/main/draw.c
@@ -1772,8 +1772,15 @@ _mesa_validated_drawrangeelements(struct gl_context *ctx, GLenum mode,
       info.index.user = indices;
       draw.start = 0;
    } else {
+      uintptr_t start = (uintptr_t) indices;
+      if (unlikely(index_bo->Size < start)) {
+         _mesa_warning(ctx, "Invalid indices offset 0x%" PRIxPTR
+                            " (indices buffer size is %ld bytes)."
+                            " Draw skipped.", start, index_bo->Size);
+         return;
+      }
       info.index.gl_bo = index_bo;
-      draw.start = (uintptr_t)indices >> index_size_shift;
+      draw.start = start >> index_size_shift;
    }
    draw.index_bias = basevertex;