summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorFabian Kosmale <fabian.kosmale@qt.io>2021-02-05 21:30:56 +0100
committerQt Cherry-pick Bot <cherrypick_bot@qt-project.org>2021-02-08 10:16:09 +0000
commit16d98bcab940167ef0df424ec106af8e48c25ce4 (patch)
treedb39ed16c6f36c45e359fc31bcb3d0fb53a17894
parent0b7dddcb6465ba7f08c243e8551dfcda9766b888 (diff)
QSGBatchRender: avoid crash if buffer shrinks
The QRhiBuffer does not shrink; thus we can end up with buffer->buf->size > buffer->size. This would subsequently lead to an out-of-bounds memory access, and a crash. Fix this by using the uploadStaticBuffer overload which takes the size. As a drive-by, remove pointless QByteArray::fromRawData call. Change-Id: I40058ada6a6a5eb745ae559e8c9ed474fd41f75c Reviewed-by: Laszlo Agocs <laszlo.agocs@qt.io> (cherry picked from commit f0a51eef5696782ec325b20f14cfe353d0a58d20) Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
-rw-r--r--src/quick/scenegraph/coreapi/qsgbatchrenderer.cpp4
1 files changed, 2 insertions, 2 deletions
diff --git a/src/quick/scenegraph/coreapi/qsgbatchrenderer.cpp b/src/quick/scenegraph/coreapi/qsgbatchrenderer.cpp
index aa46b5a509..2272956121 100644
--- a/src/quick/scenegraph/coreapi/qsgbatchrenderer.cpp
+++ b/src/quick/scenegraph/coreapi/qsgbatchrenderer.cpp
@@ -1073,11 +1073,11 @@ void Renderer::unmap(Buffer *buffer, bool isIndexBuf)
}
if (buffer->buf->type() != QRhiBuffer::Dynamic) {
m_resourceUpdates->uploadStaticBuffer(buffer->buf,
- QByteArray::fromRawData(buffer->data, buffer->size));
+ 0, buffer->size, buffer->data);
buffer->nonDynamicChangeCount += 1;
} else {
m_resourceUpdates->updateDynamicBuffer(buffer->buf, 0, buffer->size,
- QByteArray::fromRawData(buffer->data, buffer->size));
+ buffer->data);
}
if (m_visualizer->mode() == Visualizer::VisualizeNothing)
buffer->data = nullptr;