diff options
| author | Lingfeng Yang <lfy@google.com> | 2017-07-08 17:21:03 -0700 |
|---|---|---|
| committer | Lingfeng Yang <lfy@google.com> | 2017-07-08 17:23:08 -0700 |
| commit | c9b597b947d1f223bfb4c72e40da0f50e009891c (patch) | |
| tree | dc6da177fc19b5e8c7831a3bd22c438783fc8656 | |
| parent | 1e33902f57025a91e978460017be38655f1463b4 (diff) | |
| download | goldfish-opengl-c9b597b947d1f223bfb4c72e40da0f50e009891c.tar.gz | |
Fix invalid glGetIntegerv queries mangling return values
bug: 63454254
bug: 63396067
If we are in a < ES 3.0 context and we query something like
GL_MAX_COLOR_ATTACHMENTS, the return value can be corrupted
and lead to all sorts of effects like data structures being
allocated with 4294967295 elements or something, causing
funny crashes down the line.
Change-Id: Ibb05d9f2e7dfa0bf3ef6e518151d735ae890b776
| -rwxr-xr-x | system/GLESv2_enc/GL2Encoder.cpp | 22 | ||||
| -rw-r--r-- | system/GLESv2_enc/GL2Encoder.h | 8 | ||||
| -rw-r--r-- | system/egl/egl.cpp | 9 |
3 files changed, 38 insertions, 1 deletions
diff --git a/system/GLESv2_enc/GL2Encoder.cpp b/system/GLESv2_enc/GL2Encoder.cpp index 3c37a821..11be3c7f 100755 --- a/system/GLESv2_enc/GL2Encoder.cpp +++ b/system/GLESv2_enc/GL2Encoder.cpp @@ -634,6 +634,28 @@ void GL2Encoder::s_glGetIntegerv(void *self, GLenum param, GLint *ptr) case GL_MAX_DEPTH_TEXTURE_SAMPLES: *ptr = 4; break; + // Checks for version-incompatible enums. + // Not allowed in vanilla ES 2.0. + case GL_MAX_TRANSFORM_FEEDBACK_SEPARATE_ATTRIBS: + case GL_MAX_UNIFORM_BUFFER_BINDINGS: + SET_ERROR_IF(ctx->majorVersion() < 3, GL_INVALID_ENUM); + ctx->m_glGetIntegerv_enc(self, param, ptr); + break; + case GL_MAX_COLOR_ATTACHMENTS: + case GL_MAX_DRAW_BUFFERS: + SET_ERROR_IF(ctx->majorVersion() < 3 && + !ctx->hasExtension("GL_EXT_draw_buffers"), GL_INVALID_ENUM); + ctx->m_glGetIntegerv_enc(self, param, ptr); + break; + // Not allowed in ES 3.0. + case GL_MAX_ATOMIC_COUNTER_BUFFER_BINDINGS: + case GL_MAX_SHADER_STORAGE_BUFFER_BINDINGS: + case GL_MAX_VERTEX_ATTRIB_BINDINGS: + SET_ERROR_IF(ctx->majorVersion() < 3 || + (ctx->majorVersion() == 3 && + ctx->minorVersion() == 0), GL_INVALID_ENUM); + ctx->m_glGetIntegerv_enc(self, param, ptr); + break; default: if (!ctx->m_state->getClientStateParameter<GLint>(param, ptr)) { ctx->m_glGetIntegerv_enc(self, param, ptr); diff --git a/system/GLESv2_enc/GL2Encoder.h b/system/GLESv2_enc/GL2Encoder.h index 11162ee6..730651fa 100644 --- a/system/GLESv2_enc/GL2Encoder.h +++ b/system/GLESv2_enc/GL2Encoder.h @@ -30,6 +30,14 @@ public: void setClientState(GLClientState *state) { m_state = state; } + void setVersion(int major, int minor, + int deviceMajor, int deviceMinor) { + m_currMajorVersion = major; + m_currMinorVersion = minor; + m_deviceMajorVersion = deviceMajor; + m_deviceMinorVersion = deviceMinor; + ALOGD("%s: maj min %d %d\n", __FUNCTION__, major, minor); + } void setClientStateMakeCurrent(GLClientState *state, int majorVersion, int minorVersion, diff --git a/system/egl/egl.cpp b/system/egl/egl.cpp index 66a8a45e..185fbc94 100644 --- a/system/egl/egl.cpp +++ b/system/egl/egl.cpp @@ -1561,6 +1561,13 @@ EGLBoolean eglMakeCurrent(EGLDisplay dpy, EGLSurface draw, EGLSurface read, EGLC ClientAPIExts::initClientFuncs(s_display.gles2_iface(), 1); } if (contextState->needsInitFromCaps()) { + // Need to set the version first if + // querying caps, or validation will trip incorrectly. + hostCon->gl2Encoder()->setVersion( + context->majorVersion, + context->minorVersion, + context->deviceMajorVersion, + context->deviceMinorVersion); // Get caps for indexed buffers from host. // Some need a current context. int max_transform_feedback_separate_attribs = 0; @@ -1598,7 +1605,7 @@ EGLBoolean eglMakeCurrent(EGLDisplay dpy, EGLSurface draw, EGLSurface read, EGLC max_draw_buffers); } - // set the client state and share group + // update the client state, share group, and version if (context->majorVersion > 1) { hostCon->gl2Encoder()->setClientStateMakeCurrent( contextState, |