diff options
author | Fabian Kosmale <fabian.kosmale@qt.io> | 2021-02-05 21:30:56 +0100 |
---|---|---|
committer | Qt Cherry-pick Bot <cherrypick_bot@qt-project.org> | 2021-02-08 10:16:09 +0000 |
commit | 16d98bcab940167ef0df424ec106af8e48c25ce4 (patch) | |
tree | db39ed16c6f36c45e359fc31bcb3d0fb53a17894 /src/quick | |
parent | 0b7dddcb6465ba7f08c243e8551dfcda9766b888 (diff) |
QSGBatchRender: avoid crash if buffer shrinks
The QRhiBuffer does not shrink; thus we can end up with
buffer->buf->size > buffer->size. This would subsequently lead to an
out-of-bounds memory access, and a crash. Fix this by using the
uploadStaticBuffer overload which takes the size.
As a drive-by, remove pointless QByteArray::fromRawData call.
Change-Id: I40058ada6a6a5eb745ae559e8c9ed474fd41f75c
Reviewed-by: Laszlo Agocs <laszlo.agocs@qt.io>
(cherry picked from commit f0a51eef5696782ec325b20f14cfe353d0a58d20)
Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>
Diffstat (limited to 'src/quick')
-rw-r--r-- | src/quick/scenegraph/coreapi/qsgbatchrenderer.cpp | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/src/quick/scenegraph/coreapi/qsgbatchrenderer.cpp b/src/quick/scenegraph/coreapi/qsgbatchrenderer.cpp index aa46b5a509..2272956121 100644 --- a/src/quick/scenegraph/coreapi/qsgbatchrenderer.cpp +++ b/src/quick/scenegraph/coreapi/qsgbatchrenderer.cpp @@ -1073,11 +1073,11 @@ void Renderer::unmap(Buffer *buffer, bool isIndexBuf) } if (buffer->buf->type() != QRhiBuffer::Dynamic) { m_resourceUpdates->uploadStaticBuffer(buffer->buf, - QByteArray::fromRawData(buffer->data, buffer->size)); + 0, buffer->size, buffer->data); buffer->nonDynamicChangeCount += 1; } else { m_resourceUpdates->updateDynamicBuffer(buffer->buf, 0, buffer->size, - QByteArray::fromRawData(buffer->data, buffer->size)); + buffer->data); } if (m_visualizer->mode() == Visualizer::VisualizeNothing) buffer->data = nullptr; |