Fix invalid glGetIntegerv queries mangling return values

bug: 63454254
bug: 63396067

If we are in a < ES 3.0 context and we query something like
GL_MAX_COLOR_ATTACHMENTS, the return value can be corrupted
and lead to all sorts of effects like data structures being
allocated with 4294967295 elements or something, causing
funny crashes down the line.

Change-Id: Ibb05d9f2e7dfa0bf3ef6e518151d735ae890b776

1 files changed, 22 insertions, 0 deletions

diff --git a/system/GLESv2_enc/GL2Encoder.cpp b/system/GLESv2_enc/GL2Encoder.cpp
index 3c37a821..11be3c7f 100755
--- a/system/GLESv2_enc/GL2Encoder.cpp
+++ b/system/GLESv2_enc/GL2Encoder.cpp
@@ -634,6 +634,28 @@ void GL2Encoder::s_glGetIntegerv(void *self, GLenum param, GLint *ptr)
     case GL_MAX_DEPTH_TEXTURE_SAMPLES:
         *ptr = 4;
         break;
+    // Checks for version-incompatible enums.
+    // Not allowed in vanilla ES 2.0.
+    case GL_MAX_TRANSFORM_FEEDBACK_SEPARATE_ATTRIBS:
+    case GL_MAX_UNIFORM_BUFFER_BINDINGS:
+        SET_ERROR_IF(ctx->majorVersion() < 3, GL_INVALID_ENUM);
+        ctx->m_glGetIntegerv_enc(self, param, ptr);
+        break;
+    case GL_MAX_COLOR_ATTACHMENTS:
+    case GL_MAX_DRAW_BUFFERS:
+        SET_ERROR_IF(ctx->majorVersion() < 3 &&
+                     !ctx->hasExtension("GL_EXT_draw_buffers"), GL_INVALID_ENUM);
+        ctx->m_glGetIntegerv_enc(self, param, ptr);
+        break;
+    // Not allowed in ES 3.0.
+    case GL_MAX_ATOMIC_COUNTER_BUFFER_BINDINGS:
+    case GL_MAX_SHADER_STORAGE_BUFFER_BINDINGS:
+    case GL_MAX_VERTEX_ATTRIB_BINDINGS:
+        SET_ERROR_IF(ctx->majorVersion() < 3 ||
+                     (ctx->majorVersion() == 3 &&
+                      ctx->minorVersion() == 0), GL_INVALID_ENUM);
+        ctx->m_glGetIntegerv_enc(self, param, ptr);
+        break;
     default:
         if (!ctx->m_state->getClientStateParameter<GLint>(param, ptr)) {
             ctx->m_glGetIntegerv_enc(self, param, ptr);