From 5b5a9787d9f4223483b360a740b53464d3ea6293 Mon Sep 17 00:00:00 2001
From: gabest11
Date: Sun, 8 Jan 2012 21:02:42 +0000
Subject: [PATCH] GSdx: fixing a possible buffer overflow
git-svn-id: http://pcsx2.googlecode.com/svn/trunk@5063 96395faa-99c1-11dd-bbfe-3dabce05a288
---
 plugins/GSdx/GSRenderer.cpp | 10 +++++++++-
 plugins/GSdx/GSRendererSW.cpp | 12 ++++++------
 plugins/GSdx/GSState.cpp | 16 +++++++---------
 3 files changed, 22 insertions(+), 16 deletions(-)
diff --git a/plugins/GSdx/GSRenderer.cpp b/plugins/GSdx/GSRenderer.cpp
index aa38f7aa07..0fe8ab8961 100644
--- a/plugins/GSdx/GSRenderer.cpp
+++ b/plugins/GSdx/GSRenderer.cpp
@@ -345,8 +345,16 @@ void GSRenderer::VSync(int field)
 if(fillrate > 0)
 {
 s += format(" | %.2f mpps", fps * fillrate / (1024 * 1024));
- }
+ int sum = 0;
+
+ for(int i = 0; i < 16; i++)
+ {
+ sum += m_perfmon.CPU(GSPerfMon::WorkerDraw0 + i);
+ }
+
+ s += format(" | %d%% CPU", sum);
+ }
 }
 else
 {
diff --git a/plugins/GSdx/GSRendererSW.cpp b/plugins/GSdx/GSRendererSW.cpp
index cd3db7f094..daedb6c8bf 100644
--- a/plugins/GSdx/GSRendererSW.cpp
+++ b/plugins/GSdx/GSRendererSW.cpp
@@ -808,19 +808,19 @@ bool GSRendererSW::GetScanlineGlobalData(SharedData* data)
 {
 // skip per pixel division if q is constant
- GSVertexSW* RESTRICT v = (GSVertexSW*)m_vertex.buff;// data->vertex;
+ GSVertexSW* RESTRICT v = (GSVertexSW*)m_vertex.buff;
 if(m_vt->m_eq.q)
 {
 gd.sel.fst = 1;
- const GSVector4& t = v[m_index.buff[0]].t; // v[data->index[0]].t;
+ const GSVector4& t = v[m_index.buff[0]].t;
 if(t.z != 1.0f)
 {
 GSVector4 w = t.zzzz().rcpnr();
- for(int i = 0, j = m_vertex.next/*data->vertex_count*/; i < j; i++)
+ for(int i = 0, j = m_vertex.next; i < j; i++)
 {
 GSVector4 t = v[i].t;
@@ -832,7 +832,7 @@ bool GSRendererSW::GetScanlineGlobalData(SharedData* data)
 {
 gd.sel.fst = 1;
- for(int i = 0, j = m_vertex.next/*data->vertex_count*/; i < j; i += 2)
+ for(int i = 0, j = m_vertex.next; i < j; i += 2)
 {
 GSVector4 t0 = v[i + 0].t;
 GSVector4 t1 = v[i + 1].t;
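Review bot: The loop bound `16` added in GSRenderer::VSync is a bare literal, and `GSPerfMon::WorkerDraw0 + i` is handed to `m_perfmon.CPU()` with nothing in this hunk showing that sixteen consecutive WorkerDraw slots exist. If the timer enum (declared outside this diff) has fewer entries, CPU() would presumably be indexed past its table, which is the same class of bug the commit subject sets out to fix. I would derive the bound from the enum or a shared constant, or at minimum add a comment such as `// 16 == number of GSPerfMon::WorkerDraw* timers`. This title-bar change is also unrelated to the overflow fix and would be easier to audit as a separate commit. The enclosing function continues outside the hunk.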
@@ -853,9 +853,9 @@ bool GSRendererSW::GetScanlineGlobalData(SharedData* data)
 GSVector4 half(0x8000, 0x8000);
- GSVertexSW* RESTRICT v = (GSVertexSW*)m_vertex.buff;// data->vertex;
+ GSVertexSW* RESTRICT v = (GSVertexSW*)m_vertex.buff;
- for(int i = 0, j = m_vertex.next/*data->vertex_count*/; i < j; i++)
+ for(int i = 0, j = m_vertex.next; i < j; i++)
 {
 GSVector4 t = v[i].t;
diff --git a/plugins/GSdx/GSState.cpp b/plugins/GSdx/GSState.cpp
index 302be4b484..5af6b37268 100644
--- a/plugins/GSdx/GSState.cpp
+++ b/plugins/GSdx/GSState.cpp
@@ -2133,15 +2133,15 @@ void GSState::GrowVertexBuffer()
 }
 m_vertex.buff = vertex;
- m_vertex.maxcount = maxcount - 100; // -100 because skipped vertices don't trigger growing the vertex buffer (VertexKick should be as fast as possible)
+ m_vertex.maxcount = maxcount - 3; // -3 to have some space at the end of the buffer before DrawingKick can grow it
 m_index.buff = index;
 }
-static GSVector4i s_zw_sign = GSVector4i::x80000000().sll<8>();
-
 template __forceinline void GSState::VertexKick(uint32 skip)
 {
+ ASSERT(m_vertex.tail < m_vertex.maxcount);
+
 size_t head = m_vertex.head;
 size_t tail = m_vertex.tail;
 size_t next = m_vertex.next;
@@ -2260,13 +2260,14 @@ __forceinline void GSState::VertexKick(uint32 skip)
 case GS_TRIANGLELIST:
 case GS_SPRITE:
 case GS_INVALID:
- m_vertex.tail = head;
+ m_vertex.tail = head; // no need to check or grow the buffer length
 break;
 case GS_LINESTRIP:
 case GS_TRIANGLESTRIP:
 m_vertex.head = head + 1;
- break;
+ // fall through
 case GS_TRIANGLEFAN:
+ if(tail >= m_vertex.maxcount) GrowVertexBuffer(); // in case too many vertices were skipped
 break;
 default:
 __assume(0);
@@ -2275,10 +2276,7 @@ __forceinline void GSState::VertexKick(uint32 skip)
 return;
 }
- if(tail >= m_vertex.maxcount)
- {
- GrowVertexBuffer();
- }
+ if(tail >= m_vertex.maxcount) GrowVertexBuffer();
 uint32* RESTRICT buff = &m_index.buff[m_index.tail];
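Review bot: The new `ASSERT(m_vertex.tail < m_vertex.maxcount);` at the top of VertexKick is the only statement in this diff of the bound the fix depends on, and if ASSERT compiles out in release builds (its definition is not shown here) it gives no protection where it matters. The same hunk shrinks the slack from 100 entries to 3 with `maxcount - 3`, and the new comment names DrawingKick although the grow checks this commit adds are in VertexKick. I would turn the 3 into a named constant, documented with the largest number of vertices that can be appended between two `tail >= m_vertex.maxcount` checks, e.g. `// slack: vertices that may be written before the next grow check`. Both GrowVertexBuffer and VertexKick continue outside the hunk.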
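Review bot: The comment `// no need to check or grow the buffer length` on the list/sprite/invalid case in VertexKick's skip switch asserts an invariant without giving the reason, so a reader cannot confirm that resetting `m_vertex.tail` to `head` always leaves it below `m_vertex.maxcount`. Please state why (presumably `head` was bounds-checked on an earlier kick) or back it with `ASSERT(head < m_vertex.maxcount);`. The strip and fan cases now reach the grow check through a fall-through that reads the local `tail`, whose update lies outside this hunk, so it is worth confirming it holds the post-increment value at that point. The last hunk replaces the braced check with the same one-line `if(tail >= m_vertex.maxcount) GrowVertexBuffer();`, which departs from the brace style used everywhere else in these files.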