Early exit in es2::Context::drawElements on count=0.

This fixes an issue where es2::Context::drawElements would still try to read draw data even when there are 0 elements to draw, causing a buffer overflow on draw data.

This was found by running Android ES3 dEQP under ASAN. The failing tests are dEQP-GLES3.functional.primitive_restart.[begin_restart, begin_restart_duplicate_restarts, begin_restart_end_restart, begin_restart_end_restart_duplicate_restarts, end_restart_duplicate_restarts, duplicate_restarts].*

The crashing dEQP tests cover glDrawElementsInstanced, glDrawRangeElements, and glDrawElements. These all converge onto es2::Context::drawElements.

Bug: b/123716871
Change-Id: I4bca0616eb9f92bf18a3331459f3dcd06b8ac9a9
Signed-off-by: Cody Schuffelen <schuffelen@google.com>
Test: cts-tradefed run commandAndExit cts -m CtsDeqpTestCases --module-arg 'CtsDeqpTestCases:include-filter:dEQP-GLES3.functional.primitive_restart.*'
Reviewed-on: https://swiftshader-review.googlesource.com/c/24548
Kokoro-Presubmit: kokoro <noreply+kokoro@google.com>
Reviewed-by: Nicolas Capens <nicolascapens@google.com>

diff --git a/src/OpenGL/libGLESv2/Context.cpp b/src/OpenGL/libGLESv2/Context.cpp index 2cee54e..23f004d 100644 --- a/src/OpenGL/libGLESv2/Context.cpp +++ b/src/OpenGL/libGLESv2/Context.cpp
@@ -3628,6 +3628,11 @@ return; // Nothing to process. } + if(count == 0) + { + return; + } + if(!indices && !getCurrentVertexArray()->getElementArrayBuffer()) { return error(GL_INVALID_OPERATION);
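
Review bot: The new `if(count == 0)` return sits above the `!indices && !getCurrentVertexArray()->getElementArrayBuffer()` check, so a zero-count draw with no index source now returns silently instead of reaching `return error(GL_INVALID_OPERATION)`. If that error should still be reported when count is 0, move the early return below that check. Either way, give the new return a short comment, like the `// Nothing to process.` on the return just above it, saying that it avoids reading index data when there is nothing to draw.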