vk_blit_screen: Fix non-accelerated texture size calculation
Addresses the potential OOB access in UnswizzleTexture.
This commit is contained in:
parent
bdd617da03
commit
537c6ac8fe
|
@ -159,11 +159,13 @@ VkSemaphore VKBlitScreen::Draw(const Tegra::FramebufferConfig& framebuffer,
|
||||||
|
|
||||||
const VAddr framebuffer_addr = framebuffer.address + framebuffer.offset;
|
const VAddr framebuffer_addr = framebuffer.address + framebuffer.offset;
|
||||||
const u8* const host_ptr = cpu_memory.GetPointer(framebuffer_addr);
|
const u8* const host_ptr = cpu_memory.GetPointer(framebuffer_addr);
|
||||||
const size_t size_bytes = GetSizeInBytes(framebuffer);
|
|
||||||
|
|
||||||
// TODO(Rodrigo): Read this from HLE
|
// TODO(Rodrigo): Read this from HLE
|
||||||
constexpr u32 block_height_log2 = 4;
|
constexpr u32 block_height_log2 = 4;
|
||||||
const u32 bytes_per_pixel = GetBytesPerPixel(framebuffer);
|
const u32 bytes_per_pixel = GetBytesPerPixel(framebuffer);
|
||||||
|
const u64 size_bytes{Tegra::Texture::CalculateSize(true, bytes_per_pixel,
|
||||||
|
framebuffer.stride, framebuffer.height,
|
||||||
|
1, block_height_log2, 0)};
|
||||||
Tegra::Texture::UnswizzleTexture(
|
Tegra::Texture::UnswizzleTexture(
|
||||||
mapped_span.subspan(image_offset, size_bytes), std::span(host_ptr, size_bytes),
|
mapped_span.subspan(image_offset, size_bytes), std::span(host_ptr, size_bytes),
|
||||||
bytes_per_pixel, framebuffer.width, framebuffer.height, 1, block_height_log2, 0);
|
bytes_per_pixel, framebuffer.width, framebuffer.height, 1, block_height_log2, 0);
|
||||||
|
|
|
@ -63,14 +63,6 @@ void SwizzleImpl(std::span<u8> output, std::span<const u8> input, u32 width, u32
|
||||||
const u32 unswizzled_offset =
|
const u32 unswizzled_offset =
|
||||||
slice * pitch * height + line * pitch + column * BYTES_PER_PIXEL;
|
slice * pitch * height + line * pitch + column * BYTES_PER_PIXEL;
|
||||||
|
|
||||||
if (const auto offset = (TO_LINEAR ? unswizzled_offset : swizzled_offset);
|
|
||||||
offset >= input.size()) {
|
|
||||||
// TODO(Rodrigo): This is an out of bounds access that should never happen. To
|
|
||||||
// avoid crashing the emulator, break.
|
|
||||||
ASSERT_MSG(false, "offset {} exceeds input size {}!", offset, input.size());
|
|
||||||
break;
|
|
||||||
}
|
|
||||||
|
|
||||||
u8* const dst = &output[TO_LINEAR ? swizzled_offset : unswizzled_offset];
|
u8* const dst = &output[TO_LINEAR ? swizzled_offset : unswizzled_offset];
|
||||||
const u8* const src = &input[TO_LINEAR ? unswizzled_offset : swizzled_offset];
|
const u8* const src = &input[TO_LINEAR ? unswizzled_offset : swizzled_offset];
|
||||||
|
|
||||||
|
|
Reference in New Issue