Commit 4d632d8e by Jamie Madill

Fix buffer overflow error on buffer resize.

We were using the new, larger size for our buffer data copy step, instead of the old, smaller size. This bug was causing a crash on older nVidia drivers during normal browser usage. Reproducible with the index-validation-large-buffer WebGL test.

BUG=angle:667
BUG=384420

Change-Id: I98ee893e0d8ba0bfc9adfe5a338da9b940248879
Reviewed-on: https://chromium-review.googlesource.com/203776
Tested-by: Jamie Madill <jmadill@chromium.org>
Reviewed-by: Shannon Woods <shannonwoods@chromium.org>
Reviewed-by: Geoff Lang <geofflang@chromium.org>
parent f26ecc81
......@@ -646,9 +646,12 @@ bool BufferStorage11::NativeBuffer11::resize(size_t size, bool preserveData)
if (mNativeBuffer && preserveData)
{
// We don't call resize if the buffer is big enough already.
ASSERT(mBufferSize <= size);
D3D11_BOX srcBox;
srcBox.left = 0;
srcBox.right = size;
srcBox.right = mBufferSize;
srcBox.top = 0;
srcBox.bottom = 1;
srcBox.front = 0;
......
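Review bot: The ASSERT(mBufferSize <= size) ahead of the srcBox setup is the only visible guard against a shrinking resize, and if ASSERT compiles out in release builds nothing enforces that precondition there. With srcBox.right = mBufferSize, a call where size < mBufferSize and preserveData is set would copy more bytes than the new buffer holds, which is the same kind of out-of-bounds copy this commit fixes, in the opposite direction. Consider making the bound explicit at the copy itself, for example by clamping srcBox.right to the smaller of mBufferSize and size, or by returning failure early when the precondition does not hold, so the copy length can never exceed either buffer regardless of build type.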