Hash :
18e323ab
Author :
Date :
2018-05-11T16:54:17
D3D11: Fix out-of-range access with robust access. When using a vertex buffer with DYNAMIC usage, with robust buffer access enabled, we would sometimes read out-of-bounds when using very large values for the index range. An unchecked signed addition would overflow and lead to reading a negative offset. Fix this problem by keeping the value size_t whenever possible. Also do clamped casts when converting to smaller values. Also adds a regression test. Bug: chromium:842028 Change-Id: Ie630ac857c6acfc0bace849a03eebfbaa2fbe89a Reviewed-on: https://chromium-review.googlesource.com/1055928 Commit-Queue: Jamie Madill <jmadill@chromium.org> Reviewed-by: Geoff Lang <geofflang@chromium.org>
//
// Copyright 2017 The ANGLE Project Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
//
// params:
// Parameter wrapper structs for OpenGL ES. These helpers cache re-used values
// in entry point routines.
#include "libANGLE/params.h"
#include "common/utilities.h"
#include "libANGLE/Context.h"
#include "libANGLE/VertexArray.h"
namespace gl
{
// static
// Out-of-class definitions for the constexpr TypeInfo members of both parameter structs.
// NOTE(review): presumably required because the members are odr-used and the build predates
// C++17 inline variables - confirm against the toolchain settings.
constexpr ParamTypeInfo ParamsBase::TypeInfo;
constexpr ParamTypeInfo DrawCallParams::TypeInfo;
// DrawCallParams implementation.
// Called by DrawArrays.
// Captures a non-indexed draw: the index fields are zeroed and mType is GL_NONE, which is the
// value isDrawElements() tests to tell indexed and non-indexed draws apart.
// NOTE(review): vertexCount arrives as a signed GLsizei while vertexCount() returns size_t. The
// declared type of mVertexCount is not visible in this file, so a negative count is presumably
// rejected by validation before this constructor runs - confirm.
DrawCallParams::DrawCallParams(GLenum mode,
GLint firstVertex,
GLsizei vertexCount,
GLsizei instances)
: mMode(mode),
mFirstVertex(firstVertex),
mVertexCount(vertexCount),
mIndexCount(0),
mBaseVertex(0),
mType(GL_NONE),
mIndices(nullptr),
mInstances(instances),
mIndirect(nullptr)
{
}
// Called by DrawElements.
// Captures an indexed draw. mFirstVertex and mVertexCount start at zero and are only filled in
// by ensureIndexRangeResolved(), which derives them from the index data.
// `indices` is stored as-is: ensureIndexRangeResolved() treats it as a byte offset when an
// element array buffer is bound and as a client pointer otherwise.
// NOTE(review): indexCount is declared GLint here while indexCount() returns GLsizei - confirm
// the two are meant to be the same underlying type.
DrawCallParams::DrawCallParams(GLenum mode,
GLint indexCount,
GLenum type,
const void *indices,
GLint baseVertex,
GLsizei instances)
: mMode(mode),
mFirstVertex(0),
mVertexCount(0),
mIndexCount(indexCount),
mBaseVertex(baseVertex),
mType(type),
mIndices(indices),
mInstances(instances),
mIndirect(nullptr)
{
}
// Called by DrawArraysIndirect.
// Captures a non-indexed indirect draw: only the mode and the `indirect` pointer are kept.
// Both counts are left at zero, which is the condition isDrawIndirect() checks for.
DrawCallParams::DrawCallParams(GLenum mode, const void *indirect)
: mMode(mode),
mFirstVertex(0),
mVertexCount(0),
mIndexCount(0),
mBaseVertex(0),
mType(GL_NONE),
mIndices(nullptr),
mInstances(0),
mIndirect(indirect)
{
}
// Called by DrawElementsIndirect.
// Captures an indexed indirect draw: mType is set (so isDrawElements() is true) while both
// counts stay zero (so isDrawIndirect() is true as well). mIndices is null here, so the index
// data location is not carried by this object for indirect draws.
DrawCallParams::DrawCallParams(GLenum mode, GLenum type, const void *indirect)
: mMode(mode),
mFirstVertex(0),
mVertexCount(0),
mIndexCount(0),
mBaseVertex(0),
mType(type),
mIndices(nullptr),
mInstances(0),
mIndirect(indirect)
{
}
// Returns the primitive mode given to the constructor.
GLenum DrawCallParams::mode() const
{
    return mMode;
}
// Returns the first vertex of the draw. For indexed draws this is the value computed by
// ensureIndexRangeResolved(), or zero if the range was never resolved.
GLint DrawCallParams::firstVertex() const
{
    // A non-zero first vertex on an indexed draw can only come from a resolved index range. On
    // the "fast path" the range stays unresolved and the value is still the constructor's zero.
    // Only the D3D11 back-end relies on this at present.
    ASSERT(mFirstVertex == 0 || (!isDrawElements() || mIndexRange.valid()));
    return mFirstVertex;
}
// Returns the number of vertices touched by the draw as a size_t. For indexed draws the value
// only exists once ensureIndexRangeResolved() has run, which the ASSERT checks.
// NOTE(review): callers that narrow this to a signed or 32-bit type need their own range
// check; nothing here bounds the value.
size_t DrawCallParams::vertexCount() const
{
    ASSERT(!isDrawElements() || mIndexRange.valid());
    return mVertexCount;
}
// Returns the index count of an indexed draw. Asserts that the draw is indexed.
GLsizei DrawCallParams::indexCount() const
{
    ASSERT(isDrawElements());
    return mIndexCount;
}
// Returns the base vertex given to the DrawElements constructor. The other constructors leave
// it at zero.
GLint DrawCallParams::baseVertex() const
{
    return mBaseVertex;
}
// Returns the index element type of an indexed draw. Asserts that the draw is indexed.
GLenum DrawCallParams::type() const
{
    ASSERT(isDrawElements());
    return mType;
}
// Returns the raw `indices` argument of the draw call, unmodified. ensureIndexRangeResolved()
// interprets the same value as a byte offset when an element array buffer is bound, so callers
// must not dereference it without knowing which case applies.
const void *DrawCallParams::indices() const
{
    return mIndices;
}
// Returns the instance count given to the constructor. The indirect constructors store zero.
GLsizei DrawCallParams::instances() const
{
    return mInstances;
}
// Returns the `indirect` argument of an indirect draw, or nullptr for direct draws.
const void *DrawCallParams::indirect() const
{
    return mIndirect;
}
// True for indexed draws. Only the DrawElements and DrawElementsIndirect constructors store an
// index type; the others store GL_NONE.
bool DrawCallParams::isDrawElements() const
{
    const bool hasIndexType = mType != GL_NONE;
    return hasIndexType;
}
// True when both counts are zero, which is how the indirect constructors leave them.
bool DrawCallParams::isDrawIndirect() const
{
    // Heuristic rather than a stored flag: a direct draw may legitimately have a zero count, and
    // this code assumes such calls were filtered out before reaching it.
    const bool noDirectCounts = mIndexCount == 0 && mVertexCount == 0;
    return noDirectCounts;
}
// Computes and caches the index range of an indexed draw, then derives mFirstVertex and
// mVertexCount from it. Does nothing for non-indexed draws or when the range is already cached.
// Returns NoError() on success; a failure from Buffer::getIndexRange is passed back to the
// caller through ANGLE_TRY.
Error DrawCallParams::ensureIndexRangeResolved(const Context *context) const
{
    if (!isDrawElements() || mIndexRange.valid())
    {
        return NoError();
    }

    const State &glState        = context->getGLState();
    const bool primitiveRestart = glState.isPrimitiveRestartEnabled();
    gl::Buffer *boundIndexBuffer = glState.getVertexArray()->getElementArrayBuffer().get();

    if (boundIndexBuffer == nullptr)
    {
        // No element array buffer bound: mIndices is a client pointer and mIndexCount indices
        // are read from it.
        mIndexRange = ComputeIndexRange(mType, mIndices, mIndexCount, primitiveRestart);
    }
    else
    {
        // With a bound element array buffer, mIndices carries a byte offset into that buffer.
        // NOTE(review): the offset and mIndexCount come from the draw call and are not compared
        // with the buffer size here; presumably getIndexRange or earlier validation does that -
        // confirm.
        const size_t byteOffset = static_cast<size_t>(reinterpret_cast<uintptr_t>(mIndices));
        IndexRange resolved;
        ANGLE_TRY(boundIndexBuffer->getIndexRange(context, mType, byteOffset, mIndexCount,
                                                  primitiveRestart, &resolved));
        mIndexRange = resolved;
    }

    const IndexRange &range = mIndexRange.value();
    // NOTE(review): range.start is narrowed to GLint and added to mBaseVertex with plain signed
    // arithmetic. Nothing in this function bounds either operand, so very large index values
    // depend on checks made elsewhere to keep the sum in range - confirm, or compute in a wider
    // type and clamp.
    mFirstVertex = mBaseVertex + static_cast<GLint>(range.start);
    mVertexCount = range.vertexCount();
    return NoError();
}
// Returns the cached index range. Only valid for indexed draws after
// ensureIndexRangeResolved() has filled the cache, which the ASSERT checks.
const IndexRange &DrawCallParams::getIndexRange() const
{
    ASSERT(isDrawElements() && mIndexRange.valid());
    return mIndexRange.value();
}
} // namespace gl