Google Git
Sign in
swiftshader/SwiftShader/6ea7187ce9fd7610db170a6c63a77e81aa7e92bf^!/./src/Renderer/Surface.cpp
commit
6ea7187ce9fd7610db170a6c63a77e81aa7e92bf
[log] [tgz]
author
Nicolas Capens <capn@google.com>
Fri Jun 26 13:00:48 2015 -0400
committer
Nicolas Capens <capn@google.com>
Fri Jun 26 19:59:28 2015 +0000
tree
47932d70d396b8ccae67a7b1edc894c60c88d978
parent
db17b5d40c10d9854207f9026023c55ef90149d1 [diff] [blame]
Fix texture sampling buffer overrun.

Sampling byte4 data currently reads 8 bytes for unpacking purposes.
Allocate 4 more bytes to prevent reading outside the image, even
though it's unused data.

Bug 21935792

Change-Id: I162fb3f3575131cedb008f82ef5170e773719e41
Reviewed-on: https://swiftshader-review.googlesource.com/3572
Reviewed-by: Alexis Hétu <sugoi@google.com>
Tested-by: Nicolas Capens <capn@google.com>
Reviewed-by: Nicolas Capens <capn@google.com>

diff --git a/src/Renderer/Surface.cpp b/src/Renderer/Surface.cpp
index 300ce35..40aa920 100644
--- a/src/Renderer/Surface.cpp
+++ b/src/Renderer/Surface.cpp

@@ -2382,7 +2382,9 @@
 		int width2 = (width + 1) & ~1;
 		int height2 = (height + 1) & ~1;
 
-		return allocateZero(size(width2, height2, depth, format));
+		// FIXME: Unpacking byte4 to short4 in the sampler currently involves reading 8 bytes,
+		// so we have to allocate 4 extra bytes to avoid buffer overruns.
+		return allocateZero(size(width2, height2, depth, format) + 4);
 	}
 
 	void Surface::memfill4(void *buffer, int pattern, int bytes)