Index: gpu/command_buffer/service/query_manager.cc |
=================================================================== |
--- gpu/command_buffer/service/query_manager.cc (revision 256988) |
+++ gpu/command_buffer/service/query_manager.cc (working copy) |
@@ -98,6 +98,9 @@ |
mem_params.shm_size = buffer.size; |
mem_params.shm_data_offset = shm_offset(); |
mem_params.shm_data_size = sizeof(QuerySync); |
+ uint32 end = mem_params.shm_data_offset + mem_params.shm_data_size; |
+ if (end > mem_params.shm_size || end < mem_params.shm_data_offset) |
+ return false; |
observer_ = new AsyncPixelTransferCompletionObserverImpl(submit_count); |