authorVadim Girlin <vadimgirlin@gmail.com>2011-07-04 18:30:42 +0400
committerAlex Deucher <alexdeucher@gmail.com>2011-07-05 16:16:54 -0400
commit1ae00c5960af83bea9545a18a1754bad83d5cbd0 (patch)
tree31eebb3a82c311e7deb55a02e67cc0c930a2ebf3
parent65d0d69c9173d5f725505ed4928b367ea6495177 (diff)
r600g: fix buffer overflow check in r600_query_begin
-rw-r--r--src/gallium/winsys/r600/drm/r600_hw_context.c7
1 files changed, 5 insertions, 2 deletions
diff --git a/src/gallium/winsys/r600/drm/r600_hw_context.c b/src/gallium/winsys/r600/drm/r600_hw_context.c
index 81e26f61158..633cd35f7a7 100644
--- a/src/gallium/winsys/r600/drm/r600_hw_context.c
+++ b/src/gallium/winsys/r600/drm/r600_hw_context.c
@@ -1725,7 +1725,7 @@ static boolean r600_query_result(struct r600_context *ctx, struct r600_query *qu
void r600_query_begin(struct r600_context *ctx, struct r600_query *query)
{
- unsigned required_space;
+ unsigned required_space, required_buffer;
int num_backends = r600_get_num_backends(ctx->radeon);
/* query request needs 6/8 dwords for begin + 6/8 dwords for end */
@@ -1739,8 +1739,11 @@ void r600_query_begin(struct r600_context *ctx, struct r600_query *query)
r600_context_flush(ctx);
}
+ required_buffer = query->num_results +
+ 4 * (query->type == PIPE_QUERY_OCCLUSION_COUNTER ? ctx->max_db : 1);
+
/* if query buffer is full force a flush */
- if (query->num_results*4 >= query->buffer_size - 16) {
+ if (required_buffer*4 > query->buffer_size) {
if (!(query->state & R600_QUERY_STATE_FLUSHED))
r600_context_flush(ctx);
r600_query_result(ctx, query, TRUE);
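Review bot: The new bounds check `if (required_buffer*4 > query->buffer_size)` uses the literal 4 for two different things, and neither is documented: in the `required_buffer` assignment it is the number of dwords one result occupies per DB, while in the comparison it is bytes per dword. A comment above the assignment such as `/* dwords this query will append: 4 per DB for occlusion queries, 4 otherwise; buffer_size is in bytes */` would make the units checkable. Since this is a guard against writing past the query buffer, I would also compare in dwords, `if (required_buffer > query->buffer_size / 4) {`, which gives the same result without relying on the `unsigned` multiplication not wrapping. The check presumably has to match the amount by which the end-of-query path advances `num_results`; that code and the rest of r600_query_begin lie outside this hunk, so please confirm that the two stay in sync and that the buffer can hold at least one full result set after the forced `r600_query_result`.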