diff options
author | Vadim Girlin <vadimgirlin@gmail.com> | 2011-07-04 18:30:42 +0400 |
---|---|---|
committer | Alex Deucher <alexdeucher@gmail.com> | 2011-07-05 16:16:54 -0400 |
commit | 1ae00c5960af83bea9545a18a1754bad83d5cbd0 (patch) | |
tree | 31eebb3a82c311e7deb55a02e67cc0c930a2ebf3 | |
parent | 65d0d69c9173d5f725505ed4928b367ea6495177 (diff) |
r600g: fix buffer overflow check in r600_query_begin
-rw-r--r-- | src/gallium/winsys/r600/drm/r600_hw_context.c | 7 |
1 files changed, 5 insertions, 2 deletions
diff --git a/src/gallium/winsys/r600/drm/r600_hw_context.c b/src/gallium/winsys/r600/drm/r600_hw_context.c index 81e26f61158..633cd35f7a7 100644 --- a/src/gallium/winsys/r600/drm/r600_hw_context.c +++ b/src/gallium/winsys/r600/drm/r600_hw_context.c @@ -1725,7 +1725,7 @@ static boolean r600_query_result(struct r600_context *ctx, struct r600_query *qu void r600_query_begin(struct r600_context *ctx, struct r600_query *query) { - unsigned required_space; + unsigned required_space, required_buffer; int num_backends = r600_get_num_backends(ctx->radeon); /* query request needs 6/8 dwords for begin + 6/8 dwords for end */ @@ -1739,8 +1739,11 @@ void r600_query_begin(struct r600_context *ctx, struct r600_query *query) r600_context_flush(ctx); } + required_buffer = query->num_results + + 4 * (query->type == PIPE_QUERY_OCCLUSION_COUNTER ? ctx->max_db : 1); + /* if query buffer is full force a flush */ - if (query->num_results*4 >= query->buffer_size - 16) { + if (required_buffer*4 > query->buffer_size) { if (!(query->state & R600_QUERY_STATE_FLUSHED)) r600_context_flush(ctx); r600_query_result(ctx, query, TRUE); |