From 5949a994c84d33a613ba5fe92cd72e02d1980686 Mon Sep 17 00:00:00 2001
From: RuiwenTang
Date: Thu, 2 Nov 2023 16:46:21 +0800
Subject: [PATCH] gl_engine: fix memory out of bounds error in GlGpuBuffer
If buffer data is larger than memory alignment, need to make sure there is enough memory in current stage buffer
---
 src/renderer/gl_engine/tvgGlGpuBuffer.cpp | 8 ++++----
 src/renderer/gl_engine/tvgGlGpuBuffer.h | 2 +-
 2 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/src/renderer/gl_engine/tvgGlGpuBuffer.cpp b/src/renderer/gl_engine/tvgGlGpuBuffer.cpp
index eb17f2f9..56a8c32d 100644
--- a/src/renderer/gl_engine/tvgGlGpuBuffer.cpp
+++ b/src/renderer/gl_engine/tvgGlGpuBuffer.cpp
@@ -87,7 +87,7 @@ GlStageBuffer::~GlStageBuffer()
 uint32_t GlStageBuffer::push(void *data, uint32_t size, bool alignGpuOffset)
 {
- if (alignGpuOffset) alignOffset();
+ if (alignGpuOffset) alignOffset(size);
 uint32_t offset = mStageBuffer.count;
@@ -135,7 +135,7 @@ GLuint GlStageBuffer::getBufferId()
 return mGpuBuffer->getBufferId();
 }
-void GlStageBuffer::alignOffset()
+void GlStageBuffer::alignOffset(uint32_t size)
 {
 uint32_t alignment = _getGpuBufferAlign();
@@ -145,8 +145,8 @@ void GlStageBuffer::alignOffset()
 uint32_t offset = alignment - mStageBuffer.count % alignment;
- if (mStageBuffer.count + offset > mStageBuffer.reserved) {
- mStageBuffer.grow(max(alignment, mStageBuffer.reserved));
+ if (mStageBuffer.count + offset + size > mStageBuffer.reserved) {
+ mStageBuffer.grow(max(offset + size, mStageBuffer.reserved));
 }
 mStageBuffer.count += offset;
diff --git a/src/renderer/gl_engine/tvgGlGpuBuffer.h b/src/renderer/gl_engine/tvgGlGpuBuffer.h
index 88f812fc..7d655ceb 100644
--- a/src/renderer/gl_engine/tvgGlGpuBuffer.h
+++ b/src/renderer/gl_engine/tvgGlGpuBuffer.h
@@ -64,7 +64,7 @@ public:
 GLuint getBufferId();
 private:
- void alignOffset();
+ void alignOffset(uint32_t size);
 private:
 GLuint mVao = 0;
 unique_ptr mGpuBuffer = {};
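Review bot: In `GlStageBuffer::push` (tvgGlGpuBuffer.cpp, first hunk), the size-aware reservation only runs when `alignGpuOffset` is true, because it now lives inside `alignOffset(size)`; an unaligned push of the same `size` gets nothing from this fix. The rest of `push` is outside the hunk, so it is worth confirming that the copy there is preceded by its own check that `size` bytes fit after `mStageBuffer.count`. A single capacity check in `push` covering padding plus `size` would keep the bounds logic in one place and leave `alignOffset` as a pure alignment helper.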
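Review bot: The new capacity check in `GlStageBuffer::alignOffset` (tvgGlGpuBuffer.cpp, third hunk) is evaluated in `uint32_t`, so a very large `size` can wrap `mStageBuffer.count + offset + size`, pass the comparison, and leave the stage buffer too small for the write that follows. Widening the comparison closes that gap, e.g. `if (static_cast<uint64_t>(mStageBuffer.count) + offset + size > mStageBuffer.reserved) {`, with the same care for `offset + size` in the `grow` argument. Whether `size` can reach that range depends on the callers of `push`, which are not visible here, and the lines of `alignOffset` between the second and third hunks are also outside the diff. The call `mStageBuffer.grow(max(offset + size, mStageBuffer.reserved))` is only sufficient if `grow` adds its argument to the current capacity rather than setting a total, so a one-line comment stating that assumption would help.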
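Review bot: The declaration `void alignOffset(uint32_t size);` in tvgGlGpuBuffer.h gives no hint of what `size` means, and the name still reads as a pure alignment step although the function now also reserves payload space. A short comment above it would make the contract explicit, for example `// Pads the stage buffer to the GPU offset alignment and makes sure size more bytes fit after the padding.` Stating the unit (bytes) and that the caller still performs the copy would keep later callers from assuming the data has already been written.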