On Sun, 09 Nov 2014 00:15:49 +0100, Jerome Glisse j.glisse@gmail.com wrote:
On Sat, Nov 08, 2014 at 11:51:30PM +0100, Glenn Kennard wrote:
Signed-off-by: Glenn Kennard glenn.kennard@gmail.com
NAK insecure. This is missing any kind of boundary checking for the indirect buffer and thus can be abuse.
The indirect command buffer is a fixed format 16 or 20 bytes size, read by fixed function hardware, which only contains the following:
For PACKET3_DRAW_INDIRECT:
typedef struct { GLuint count; GLuint primCount; GLuint first; GLuint reservedMustBeZero; } DrawArraysIndirectCommand;
or PACKET3_DRAW_INDEX_INDIRECT:
typedef struct { GLuint count; GLuint primCount; GLuint firstIndex; GLint baseVertex; GLuint reservedMustBeZero; } DrawElementsIndirectCommand;
Please outline an example of how this would be abused.
/Glenn