Fix out-of-bounds vertex arrays

Index range cache got a bogus argument for "offset",
so it was not being invalidated properly.

When it wasn't being invalidated properly, our validation
could issue out-of-bounds errors even when the index buffer
was actually not out of bounds.

Change-Id: I9c59412bb20bd6ea16e25bf83f1e64d5889910e9

diff --git a/system/GLESv2_enc/GL2Encoder.cpp b/system/GLESv2_enc/GL2Encoder.cpp
index 61a80f2..6d0b9a3 100755 (executable)
--- a/system/GLESv2_enc/GL2Encoder.cpp
+++ b/system/GLESv2_enc/GL2Encoder.cpp
@@ -612,13 +612,13 @@ void* GL2Encoder::recenterIndices(const void* src,
 void GL2Encoder::getBufferIndexRange(BufferData* buf,
                                      const void* dataWithOffset,
                                      GLenum type,
-                                     GLsizei count,
-                                     GLintptr offset,
+                                     size_t count,
+                                     size_t offset,
                                      int* minIndex_out,
                                      int* maxIndex_out) {
 
     if (buf->m_indexRangeCache.findRange(
-                type, (size_t)offset, count,
+                type, offset, count,
                 m_primitiveRestartEnabled,
                 minIndex_out,
                 maxIndex_out)) {
@@ -628,7 +628,7 @@ void GL2Encoder::getBufferIndexRange(BufferData* buf,
     calcIndexRange(dataWithOffset, type, count, minIndex_out, maxIndex_out);
 
     buf->m_indexRangeCache.addRange(
-            type, (size_t)offset, count, m_primitiveRestartEnabled,
+            type, offset, count, m_primitiveRestartEnabled,
             *minIndex_out, *maxIndex_out);
 }
 
@@ -814,8 +814,8 @@ void GL2Encoder::s_glDrawElements(void *self, GLenum mode, GLsizei count, GLenum
         ctx->getBufferIndexRange(buf,
                                  indices,
                                  type,
-                                 (GLsizei)count,
-                                 (GLintptr)indices, // offset, really
+                                 (size_t)count,
+                                 (size_t)offset,
                                  &minIndex, &maxIndex);
     } else {
         // In this case, the |indices| field holds a real

diff --git a/system/GLESv2_enc/GL2Encoder.h b/system/GLESv2_enc/GL2Encoder.h
index dcd336d..61a4806 100644 (file)
--- a/system/GLESv2_enc/GL2Encoder.h
+++ b/system/GLESv2_enc/GL2Encoder.h
@@ -75,7 +75,7 @@ private:
                           GLenum type, GLsizei count,
                           int minIndex);
     void getBufferIndexRange(BufferData* buf, const void* dataWithOffset,
-                             GLenum type, GLsizei count, GLintptr offset,
+                             GLenum type, size_t count, size_t offset,
                              int* minIndex_out, int* maxIndex_out);
     void getVBOUsage(bool* hasClientArrays, bool* hasVBOs) const;
     void sendVertexAttributes(GLint first, GLsizei count, bool hasClientArrays);