Fix segfault in glDrawElements when count == 0

If count is zero, a nonzero count might get mistakenly passed to
sendVertexAttributes, due to different logic used to arrive at counts
when index buffers are involved. Once the nonzero count is passed to
sendVertexAttributes when count == 0 for the call to glDrawElements,
there is a potential read access violation when we deliver the vertex
attributes.

Test: Run dEQP-GLES3.functional.primitive_restart.*  on host with
goldfish-openg; ASAN does not abort.

Test: Run aosp master cts mustpass on dEQP-EGL, GLES3 to check regressions; all still pass on nvidia

Change-Id: Iedf2b1acb27a4dce00e74ee2227e344037382df1

1 files changed, 6 insertions, 0 deletions

diff --git a/system/GLESv2_enc/GL2Encoder.cpp b/system/GLESv2_enc/GL2Encoder.cpp
index 0217ff04..4fc1765c 100755
--- a/system/GLESv2_enc/GL2Encoder.cpp
+++ b/system/GLESv2_enc/GL2Encoder.cpp
@@ -1255,6 +1255,8 @@ void GL2Encoder::s_glDrawElements(void *self, GLenum mode, GLsizei count, GLenum
                             &maxIndex);
     }
 
+    if (count == 0) return;
+
     bool adjustIndices = true;
     if (ctx->m_state->currentIndexVbo() != 0) {
         if (!has_client_vertex_arrays) {
@@ -3864,6 +3866,8 @@ void GL2Encoder::s_glDrawElementsInstanced(void* self, GLenum mode, GLsizei coun
                             &maxIndex);
     }
 
+    if (count == 0) return;
+
     bool adjustIndices = true;
     if (ctx->m_state->currentIndexVbo() != 0) {
         if (!has_client_vertex_arrays) {
@@ -3955,6 +3959,8 @@ void GL2Encoder::s_glDrawRangeElements(void* self, GLenum mode, GLuint start, GL
                             &maxIndex);
     }
 
+    if (count == 0) return;
+
     bool adjustIndices = true;
     if (ctx->m_state->currentIndexVbo() != 0) {
         if (!has_client_vertex_arrays) {