From 2462320210fa6b625ebbcd0ddde770fc2d4e2155 Mon Sep 17 00:00:00 2001
From: Campbell Barton <ideasman42@gmail.com>
Date: Wed, 14 Jun 2017 17:03:49 +1000
Subject: Fix buffer read error w/ 2 pass select queries

Also don't do second pass when the first has no hits.
---
 source/blender/gpu/intern/gpu_select.c              |  6 ++++++
 source/blender/gpu/intern/gpu_select_sample_query.c | 18 +++++++++++-------
 2 files changed, 17 insertions(+), 7 deletions(-)

(limited to 'source/blender/gpu')

diff --git a/source/blender/gpu/intern/gpu_select.c b/source/blender/gpu/intern/gpu_select.c
index 9496ff137dc..632b0cfee1b 100644
--- a/source/blender/gpu/intern/gpu_select.c
+++ b/source/blender/gpu/intern/gpu_select.c
@@ -75,6 +75,12 @@ static GPUSelectState g_select_state = {0};
  */
 void GPU_select_begin(unsigned int *buffer, unsigned int bufsize, const rcti *input, char mode, int oldhits)
 {
+	if (mode == GPU_SELECT_NEAREST_SECOND_PASS) {
+		/* In the case hits was '-1', don't start the second pass since it's not going to give useful results.
+		 * As well as buffer overflow in 'gpu_select_query_load_id'. */
+		BLI_assert(oldhits != -1);
+	}
+
 	g_select_state.select_is_active = true;
 	g_select_state.use_gpu_select = GPU_select_query_check_active();
 	g_select_state.mode = mode;
diff --git a/source/blender/gpu/intern/gpu_select_sample_query.c b/source/blender/gpu/intern/gpu_select_sample_query.c
index ba5fefc5227..3d589986281 100644
--- a/source/blender/gpu/intern/gpu_select_sample_query.c
+++ b/source/blender/gpu/intern/gpu_select_sample_query.c
@@ -142,13 +142,17 @@ bool gpu_select_query_load_id(unsigned int id)
 	g_query_state.active_query++;
 	g_query_state.query_issued = true;
 
-	if (g_query_state.mode == GPU_SELECT_NEAREST_SECOND_PASS && g_query_state.index < g_query_state.oldhits) {
-		if (g_query_state.buffer[g_query_state.index][3] == id) {
-			g_query_state.index++;
-			return true;
-		}
-		else {
-			return false;
+	if (g_query_state.mode == GPU_SELECT_NEAREST_SECOND_PASS) {
+		/* Second pass should never run if first pass fails, can read past 'bufsize' in this case. */
+		BLI_assert(g_query_state.oldhits != -1);
+		if (g_query_state.index < g_query_state.oldhits) {
+			if (g_query_state.buffer[g_query_state.index][3] == id) {
+				g_query_state.index++;
+				return true;
+			}
+			else {
+				return false;
+			}
 		}
 	}
 
-- 
cgit v1.2.3