From 5ae4b0d6490dba7182fd64c3841ab7ea3216317a Mon Sep 17 00:00:00 2001
From: baldurk <baldurk@baldurk.org>
Date: Sun, 30 Nov 2014 20:16:33 +0000
Subject: [PATCH] Make sure glGetBufferSubData call doesn't overrun buffer size

---
 renderdoc/driver/gl/gl_replay.cpp | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/renderdoc/driver/gl/gl_replay.cpp b/renderdoc/driver/gl/gl_replay.cpp
index bc32c6737..3163d2fdd 100644
--- a/renderdoc/driver/gl/gl_replay.cpp
+++ b/renderdoc/driver/gl/gl_replay.cpp
@@ -274,17 +274,23 @@ vector<byte> GLReplay::GetBufferData(ResourceId buff, uint32_t offset, uint32_t
 	}
 
 	auto &buf = m_pDriver->m_Buffers[buff];
+
+	uint32_t bufsize = (uint32_t)buf.size;
 	
 	if(len > 0 && offset+len > buf.size)
 	{
 		RDCWARN("Attempting to read off the end of the array. Will be clamped");
-		len = RDCMIN(len, uint32_t(buf.size-offset));
+		len = ~0U; // min below will clamp to max size size
 	}
 	else if(len == 0)
 	{
-		len = (uint32_t)buf.size;
+		len = bufsize;
 	}
 	
+	// need to ensure len+offset doesn't overrun buffer or the glGetBufferSubData call
+	// will fail.
+	len = RDCMIN(len, bufsize-offset);
+	
 	ret.resize(len);
 	
 	WrappedOpenGL &gl = *m_pDriver;