| Index: gpu/command_buffer/service/buffer_manager.cc
|
| ===================================================================
|
| --- gpu/command_buffer/service/buffer_manager.cc (revision 67888)
|
| +++ gpu/command_buffer/service/buffer_manager.cc (working copy)
|
| @@ -79,7 +79,7 @@
|
| bool BufferManager::BufferInfo::SetRange(
|
| GLintptr offset, GLsizeiptr size, const GLvoid * data) {
|
| DCHECK(!IsDeleted());
|
| - if (offset + size < offset || offset + size > size_) {
|
| + if (offset < 0 || offset + size < offset || offset + size > size_) {
|
| return false;
|
| }
|
| if (shadowed_) {
|
| @@ -91,9 +91,12 @@
|
|
|
| const void* BufferManager::BufferInfo::GetRange(
|
| GLintptr offset, GLsizeiptr size) const {
|
| - if (!shadowed_ || (offset + size < offset || offset + size > size_)) {
|
| + if (!shadowed_) {
|
| return NULL;
|
| }
|
| + if (offset < 0 || offset + size < offset || offset + size > size_) {
|
| + return NULL;
|
| + }
|
| return shadow_.get() + offset;
|
| }
|
|
|
|
|
Chromium Code Reviews
Issue 5525001:
Check offset argument to gpu::gles2::BufferManager::BufferInfo::SetRange is n... (Closed)
Base URL: svn://chrome-svn/chrome/trunk/src/