Chromium Code Reviews

Unified Diff: gpu/command_buffer/service/buffer_manager.cc

Issue 5525001: Check offset argument to gpu::gles2::BufferManager::BufferInfo::SetRange is n... (Closed) Base URL: svn://chrome-svn/chrome/trunk/src/
Patch Set: Created 10 years, 1 month ago
Use n/p to move between diff chunks; N/P to move between comments.
Jump to:
View side-by-side diff with in-line comments
« gpu/command_buffer/build_gles2_cmd_buffer.py ('K') | « gpu/command_buffer/build_gles2_cmd_buffer.py ('k') | gpu/command_buffer/service/buffer_manager_unittest.cc » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: gpu/command_buffer/service/buffer_manager.cc
===================================================================
--- gpu/command_buffer/service/buffer_manager.cc (revision 67888)
+++ gpu/command_buffer/service/buffer_manager.cc (working copy)
@@ -79,7 +79,7 @@
bool BufferManager::BufferInfo::SetRange(
GLintptr offset, GLsizeiptr size, const GLvoid * data) {
DCHECK(!IsDeleted());
- if (offset + size < offset || offset + size > size_) {
+ if (offset < 0 || offset + size < offset || offset + size > size_) {
return false;
}
if (shadowed_) {
@@ -91,9 +91,12 @@
const void* BufferManager::BufferInfo::GetRange(
GLintptr offset, GLsizeiptr size) const {
- if (!shadowed_ || (offset + size < offset || offset + size > size_)) {
+ if (!shadowed_) {
return NULL;
}
+ if (offset < 0 || offset + size < offset || offset + size > size_) {
+ return NULL;
+ }
return shadow_.get() + offset;
}
« gpu/command_buffer/build_gles2_cmd_buffer.py ('K') | « gpu/command_buffer/build_gles2_cmd_buffer.py ('k') | gpu/command_buffer/service/buffer_manager_unittest.cc » ('j') | no next file with comments »

Powered by Google App Engine