util/vbuf: fix buffer overrun in attribute conversions

using the stride to calculate the buffer map size here is not correct, as the stride is not necessarily equal to the attribute size, it's only the distance between elements. for the case of overlapping elements (cts does this), the result is that the attribute conversion will read past the end of the mapped src region

this is usually fine for drivers when they directly map the vertex buffer, as the memory past the requested region is usually made available, but in the case where the readback occurs using a staging resource sized exactly to the map region, this overflows and fails silently, not even triggering a valgrind error because gpu memory lol

instead, pre-calculate the blocksize of the largest attribute in the buffer and add that to the offset of the last element, as this will yield the true, full range of the buffer which needs to be accessed

Cc: mesa-stable@lists.freedesktop.org
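
The two size calculations described in the commit message, compared side by side. This is an added example, not code from the Mesa tree: the function names and the sample strides and block sizes are hypothetical, and it assumes the mapping starts at the first element.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical names throughout; all sizes are in bytes. */

/* Size derived from the stride alone (the calculation the commit replaces). */
static size_t size_from_stride(size_t stride, size_t count)
{
    return stride * count;
}

/* Offset of the last element plus the largest attribute read from it. */
static size_t size_from_extent(size_t stride, size_t count,
                               const size_t *blocksizes, size_t n_attribs)
{
    size_t max_block = 0;

    if (count == 0)
        return 0;
    for (size_t i = 0; i < n_attribs; i++)
        if (blocksizes[i] > max_block)
            max_block = blocksizes[i];
    return stride * (count - 1) + max_block;
}

/* Bytes a conversion would read past a mapping of `mapped` bytes. */
static size_t overrun(size_t mapped, size_t needed)
{
    return needed > mapped ? needed - mapped : 0;
}

int main(void)
{
    /* Constructed case: 3 overlapping elements 4 bytes apart,
     * with attributes of 8 and 16 bytes. */
    const size_t blocks[] = { 8, 16 };
    size_t mapped = size_from_stride(4, 3);
    size_t needed = size_from_extent(4, 3, blocks, 2);

    printf("mapped=%zu needed=%zu overrun=%zu\n",
           mapped, needed, overrun(mapped, needed));
    return 0;
}
```

With a stride at least as large as the biggest attribute the stride-based size is sufficient; the shortfall appears only when elements overlap or the stride is zero.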
