Here's my reassembly notes:
```
// gl.drawArraysInstanced(gl.LINE_LOOP, 10, 1105156025=0x41df_57b9, 1);
// NOTE(review): Annotated decompiler output; the `name:alias` pairs are the
// author's renames, not C syntax. As annotated, the routine fills a3 with
// line-segment index pairs (v, v+1) starting at a1, then one closing pair
// (last, a1), i.e. roughly a2 DWORDs in total.
// a3 appears below under three aliases: connected_vert_id_by_segmented_vert_id,
// segment_vert_id_pairs and index_data_as_segments.
// No capacity for a3 is passed in, so every store relies on the caller having
// sized the buffer for a2 DWORDs. The caller's size arithmetic is not visible
// here and is the place to audit for wraparound or truncation. Presumably a2
// is twice the draw count (two indices per segment) -- TODO confirm; if so,
// 2 x 1105156025 does not fit in a signed 32-bit int.
__int64 __fastcall sub_AD95F0(int a1:first_vert_id, int a2:segment_vert_count, _DWORD *a3:connected_vert_id_by_segmented_vert_id)
{
  //unsigned int v3; // esi
  int v4; // ecx
  __int64 v5; // rax
  __int64 v6; // r8
  __int64 v7; // rax
  _DWORD *v8; // rsi
  __int64 result; // rax

  //v3 = a2 - 2;
  //if (a2 - 2) // if ( v3 )
  {
    v4:connected_vert_id = first_vert_id;
    LODWORD(v5:segmented_vert_id) = 0;
    // NOTE(review): the decompiler declared v3 (= a2 - 2) as unsigned int and
    // emitted a do/while guarded by `if ( v3 )`; the rewritten for-loop compares
    // the renamed values directly. Confirm the signedness the binary uses for
    // this bound, since it decides how many pairs are written.
    for (; segmented_vert_id < segment_vert_count-2;) //do
    {
      //v6 = v5;
      //v5 = (v5 + 2);
      // First store of each pair; the author's crash marker is on this write.
      a3:segment_vert_id_pairs[segmented_vert_id] = connected_vert_id; (v4 += 1;) //a3[v6] = v4++; // <-- Crash here!
      a3:segment_vert_id_pairs[segmented_vert_id + 1] = connected_vert_id+1; // a3[v6 + 1] = v4;
      connected_vert_id += 1;
      segmented_vert_id += 2;
    } //while ( v5 < v3 );
    //v7 = v5;
    //v8 = &a3[v5]; // v8 = &a3[v7];
    //result = v5 * 4 + 4; //result = v7 * 4 + 4;
    // Closing pair: last vertex back to the first one.
    index_data_as_segments[v5] = connected_vert_id; // *v8 = v4;
    index_data_as_segments[v5+1] = first_vert_id; //*(a3 + result) = a1;
    // NOTE(review): the decompiler lines kept above compute result as
    // v5 * 4 + 4; the renamed expression below has no + 4 -- confirm which
    // value is meant.
    result:segmented_vert_id_data_byte_size = segmented_vert_id*sizeof(*connected_vert_id_by_segmented_vert_id);
  }
  /*else
  {
    result = 4LL;
    a3[0] = a1;
    a3[1] = a1;
  }*/
  return result;
}
```
Bug 1836705 Comment 16 Edit History
Here's my reassembly notes:
```c=
// gl.drawArraysInstanced(gl.LINE_LOOP, 10, 1105156025=0x41df_57b9, 1);
// NOTE(review): Annotated decompiler output; the `name:alias` pairs are the
// author's renames, not C syntax. As annotated, the routine fills a3 with
// line-segment index pairs (v, v+1) starting at a1, then one closing pair
// (last, a1), i.e. roughly a2 DWORDs in total.
// a3 appears below under three aliases: connected_vert_id_by_segmented_vert_id,
// segment_vert_id_pairs and index_data_as_segments.
// No capacity for a3 is passed in, so every store relies on the caller having
// sized the buffer for a2 DWORDs. The caller's size arithmetic is not visible
// here and is the place to audit for wraparound or truncation. Presumably a2
// is twice the draw count (two indices per segment) -- TODO confirm; if so,
// 2 x 1105156025 does not fit in a signed 32-bit int.
__int64 __fastcall sub_AD95F0(int a1:first_vert_id, int a2:segment_vert_count, _DWORD *a3:connected_vert_id_by_segmented_vert_id)
{
  //unsigned int v3; // esi
  int v4; // ecx
  __int64 v5; // rax
  __int64 v6; // r8
  __int64 v7; // rax
  _DWORD *v8; // rsi
  __int64 result; // rax

  //v3 = a2 - 2;
  //if (a2 - 2) // if ( v3 )
  {
    v4:connected_vert_id = first_vert_id;
    LODWORD(v5:segmented_vert_id) = 0;
    // NOTE(review): the decompiler declared v3 (= a2 - 2) as unsigned int and
    // emitted a do/while guarded by `if ( v3 )`; the rewritten for-loop compares
    // the renamed values directly. Confirm the signedness the binary uses for
    // this bound, since it decides how many pairs are written.
    for (; segmented_vert_id < segment_vert_count-2;) //do
    {
      //v6 = v5;
      //v5 = (v5 + 2);
      // First store of each pair; the author's crash marker is on this write.
      a3:segment_vert_id_pairs[segmented_vert_id] = connected_vert_id; (v4 += 1;) //a3[v6] = v4++; // <-- Crash here!
      a3:segment_vert_id_pairs[segmented_vert_id + 1] = connected_vert_id+1; // a3[v6 + 1] = v4;
      connected_vert_id += 1;
      segmented_vert_id += 2;
    } //while ( v5 < v3 );
    //v7 = v5;
    //v8 = &a3[v5]; // v8 = &a3[v7];
    //result = v5 * 4 + 4; //result = v7 * 4 + 4;
    // Closing pair: last vertex back to the first one.
    index_data_as_segments[v5] = connected_vert_id; // *v8 = v4;
    index_data_as_segments[v5+1] = first_vert_id; //*(a3 + result) = a1;
    // NOTE(review): the decompiler lines kept above compute result as
    // v5 * 4 + 4; the renamed expression below has no + 4 -- confirm which
    // value is meant.
    result:segmented_vert_id_data_byte_size = segmented_vert_id*sizeof(*connected_vert_id_by_segmented_vert_id);
  }
  /*else
  {
    result = 4LL;
    a3[0] = a1;
    a3[1] = a1;
  }*/
  return result;
}
```