From: bugzilla-daemon@freedesktop.org
To: dri-devel@lists.freedesktop.org
Subject: [Bug 32277] New: overflow in calculate_miptree_layout_r300
Date: Thu, 9 Dec 2010 14:10:15 -0800 (PST)
Message-ID: <bug-32277-502@http.bugs.freedesktop.org/>
https://bugs.freedesktop.org/show_bug.cgi?id=32277
Summary: overflow in calculate_miptree_layout_r300
Product: Mesa
Version: git
Platform: Other
OS/Version: All
Status: NEW
Severity: major
Priority: medium
Component: Drivers/DRI/R600
AssignedTo: dri-devel@lists.freedesktop.org
ReportedBy: prahal@yahoo.com
Created an attachment (id=40964)
View: https://bugs.freedesktop.org/attachment.cgi?id=40964
Review: https://bugs.freedesktop.org/review?bug=32277&attachment=40964
Fix for the levels array overflow

extremetuxracer 0.5 beta2 shows up a bug in r600c.

The levels array in the radeon_mipmap_tree structure is defined with a size of
RADEON_MIPTREE_MAX_TEXTURE (i.e. 13). However, in radeon_try_alloc_miptree the size
of numLevels can overflow this size.
Then in calculate_miptree_layout_r300 the loop writes out of the array.
This leads to a calloc failure in bo_open from radeon_gem_bo due to corrupted
memory.

This patch fixes this by setting the numLevels max to
RADEON_MIPTREE_MAX_TEXTURE.
--
Configure bugmail: https://bugs.freedesktop.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
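
The pattern described in the report, as an added C example that is not part of the original message and is not Mesa's code: a fixed-size per-level array, a layout loop bounded by numLevels, and the clamp at allocation time that keeps the loop inside the array. All demo_* names, the canary field and DEMO_MAX_LEVELS are hypothetical; only the value 13 comes from the report.

```c
#include <stdint.h>

#define DEMO_MAX_LEVELS 13  /* the report gives RADEON_MIPTREE_MAX_TEXTURE as 13 */

struct demo_level { uint32_t width, height, offset; };

/* Simplified stand-in for the mipmap tree described in the report. */
struct demo_miptree {
    struct demo_level levels[DEMO_MAX_LEVELS];
    uint32_t canary;     /* placed right after levels[] to expose an overrun */
    uint32_t numLevels;
};

/* Allocation step: clamp the requested level count to the array size,
 * which is the kind of fix the report describes. */
static void demo_alloc_miptree(struct demo_miptree *mt, uint32_t requested)
{
    mt->canary = 0xC0FFEEu;
    mt->numLevels = requested > DEMO_MAX_LEVELS ? DEMO_MAX_LEVELS : requested;
}

/* Layout step: one array write per level. The loop is bounded by numLevels,
 * so it is only safe if allocation kept numLevels <= DEMO_MAX_LEVELS. */
static uint32_t demo_calculate_layout(struct demo_miptree *mt,
                                      uint32_t w, uint32_t h, uint32_t bpp)
{
    uint32_t offset = 0;
    for (uint32_t i = 0; i < mt->numLevels; i++) {
        mt->levels[i].width  = w;
        mt->levels[i].height = h;
        mt->levels[i].offset = offset;
        offset += w * h * bpp;       /* bytes used by this level */
        if (w > 1) w >>= 1;          /* each level halves, down to 1 texel */
        if (h > 1) h >>= 1;
    }
    return offset;                   /* total bytes for all levels */
}

/* Returns 1 when nothing was written past the end of levels[]. */
static int demo_layout_is_intact(const struct demo_miptree *mt)
{
    return mt->canary == 0xC0FFEEu && mt->numLevels <= DEMO_MAX_LEVELS;
}
```

Without the clamp in demo_alloc_miptree, a request for more than 13 levels would make the loop write past levels[] into the neighbouring fields, the same kind of corruption the report ties to the later calloc failure.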