author | Fabian Kosmale <fabian.kosmale@qt.io> | 2021-02-05 21:30:56 +0100 |
---|---|---|
committer | Qt Cherry-pick Bot <cherrypick_bot@qt-project.org> | 2021-02-08 10:16:09 +0000 |
commit | fdfd982227f2048974b8761da60b10b6e13cb1d2 (patch) | |
tree | 37e122caa24b5374b948f90be21d68259bd41854 /src | |
parent | 7dc357bc41de0c002ba7c3d9d874205d9926c443 (diff) |

QSGBatchRender: avoid crash if buffer shrinks

The QRhiBuffer does not shrink; thus we can end up with
buffer->buf->size > buffer->size. This would subsequently lead to an
out-of-bounds memory access, and a crash. Fix this by using the
uploadStaticBuffer overload which takes the size.

As a drive-by, remove pointless QByteArray::fromRawData call.

Change-Id: I40058ada6a6a5eb745ae559e8c9ed474fd41f75c
Reviewed-by: Laszlo Agocs <laszlo.agocs@qt.io>
(cherry picked from commit f0a51eef5696782ec325b20f14cfe353d0a58d20)
Reviewed-by: Qt Cherry-pick Bot <cherrypick_bot@qt-project.org>

Diffstat (limited to 'src')
-rw-r--r-- | src/quick/scenegraph/coreapi/qsgbatchrenderer.cpp | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/src/quick/scenegraph/coreapi/qsgbatchrenderer.cpp b/src/quick/scenegraph/coreapi/qsgbatchrenderer.cpp index aa46b5a509..2272956121 100644 --- a/src/quick/scenegraph/coreapi/qsgbatchrenderer.cpp +++ b/src/quick/scenegraph/coreapi/qsgbatchrenderer.cpp @@ -1073,11 +1073,11 @@ void Renderer::unmap(Buffer *buffer, bool isIndexBuf) } if (buffer->buf->type() != QRhiBuffer::Dynamic) { m_resourceUpdates->uploadStaticBuffer(buffer->buf, - QByteArray::fromRawData(buffer->data, buffer->size)); + 0, buffer->size, buffer->data); buffer->nonDynamicChangeCount += 1; } else { m_resourceUpdates->updateDynamicBuffer(buffer->buf, 0, buffer->size, - QByteArray::fromRawData(buffer->data, buffer->size)); + buffer->data); } if (m_visualizer->mode() == Visualizer::VisualizeNothing) buffer->data = nullptr; |
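
Review bot: In the non-dynamic branch of Renderer::unmap, the new `0, buffer->size, buffer->data` arguments carry no comment saying why the explicit size is required, so a later cleanup could switch back to the whole-buffer overload and reintroduce the out-of-bounds read described in the commit message. A one-line comment above the uploadStaticBuffer call stating that the QRhiBuffer never shrinks and may be larger than buffer->size would protect the fix. The upload also depends on the opposite bound, that buffer->size does not exceed the size of buffer->buf; nothing in these lines establishes that, so a Q_ASSERT on it just before the call would make the invariant explicit and catch a regression in debug builds. In the dynamic branch the only change is dropping the QByteArray::fromRawData wrapper; the length passed is still buffer->size, consistent with the static branch, and both calls now depend on buffer->data pointing to at least buffer->size readable bytes at the time of the call.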