Skip to content

vbo/dlist: do not try to pad an empty draw

Erik Faye-Lund requested to merge kusma/mesa:vbo-fix-zero-size-draw into main

In the case where u_index_generator returns zero new vertices, we never filled tmp_indices before trying to duplicate the last veretx. This causes us to read unitialized memory.

This fixes a Valgrind issue triggering in glxgears on Zink:

==296461== Invalid read of size 2
==296461==    at 0x570F335: compile_vertex_list (vbo_save_api.c:733)
==296461==    by 0x570FEFB: wrap_buffers (vbo_save_api.c:1021)
==296461==    by 0x571050A: upgrade_vertex (vbo_save_api.c:1134)
==296461==    by 0x571050A: fixup_vertex (vbo_save_api.c:1251)
==296461==    by 0x57114D1: _save_Normal3f (vbo_attrib_tmp.h:315)
==296461==    by 0x10B750: ??? (in /usr/bin/glxgears)
==296461==    by 0x10A2CC: ??? (in /usr/bin/glxgears)
==296461==    by 0x4B3F30F: (below main) (in /usr/lib/libc.so.6)
==296461==  Address 0x11ca23de is 2 bytes before a block of size 1,968 alloc'd
==296461==    at 0x4845899: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==296461==    by 0x570E647: compile_vertex_list (vbo_save_api.c:604)
==296461==    by 0x570FEFB: wrap_buffers (vbo_save_api.c:1021)
==296461==    by 0x571050A: upgrade_vertex (vbo_save_api.c:1134)
==296461==    by 0x571050A: fixup_vertex (vbo_save_api.c:1251)
==296461==    by 0x57114D1: _save_Normal3f (vbo_attrib_tmp.h:315)
==296461==    by 0x10B750: ??? (in /usr/bin/glxgears)
==296461==    by 0x10A2CC: ??? (in /usr/bin/glxgears)
==296461==    by 0x4B3F30F: (below main) (in /usr/lib/libc.so.6)

Merge request reports

Loading