commit 88602e6e767bd43d324fec2478b5c54c24289dd7
author Jamie Madill <jmadill@chromium.org> Wed Aug 08 12:49:30 2018 -0400
committer Commit Bot <commit-bot@chromium.org> Wed Aug 08 19:25:20 2018 +0000
tree 17e5c8ae960ea3848a05d6b4cf37d7f09a6e2c68
parent 7cc1e5568ceff689b708b962afac8ee978169a2e

Fix vertex array element limit condition.

Certain overflows wouldn't be detected when the attribute size was less
than the attribute size and we were drawing a small number of vertices.

Fix this and also set the sentinel value for an integer overflow to be
negative maxint instead of -1 to more effectily distinguish the cases.

Bug: angleproject:1391
Change-Id: I970d5e2a630c0a84c2c02ac0ac41ab1a395819fe
Reviewed-on: https://chromium-review.googlesource.com/1162264
Commit-Queue: Jamie Madill <jmadill@chromium.org>
Reviewed-by: Geoff Lang <geofflang@chromium.org>

src/libANGLE/validationES.cpp

diff --git a/src/libANGLE/validationES.cpp b/src/libANGLE/validationES.cpp
index 2b68e5b..99b7009 100644
--- a/src/libANGLE/validationES.cpp
+++ b/src/libANGLE/validationES.cpp
@@ -117,9 +117,11 @@
         return true;
     }
 
-    // An overflow can happen when adding the offset. Negative indicates overflow.
-    if (context->getStateCache().getNonInstancedVertexElementLimit() < 0 ||
-        context->getStateCache().getInstancedVertexElementLimit() < 0)
+    // An overflow can happen when adding the offset. Check against a special constant.
+    if (context->getStateCache().getNonInstancedVertexElementLimit() ==
+            VertexAttribute::kIntegerOverflow ||
+        context->getStateCache().getInstancedVertexElementLimit() ==
+            VertexAttribute::kIntegerOverflow)
     {
         ANGLE_VALIDATION_ERR(context, InvalidOperation(), IntegerOverflow);
         return false;