kc3-lang/angle/src/libANGLE/renderer/d3d/VertexDataManager.h
-
Show log
Commit
-
Hash : 18e323ab
Author :
Date : 2018-05-11T16:54:17
D3D11: Fix out-of-range access with robust access. When using a vertex buffer with DYNAMIC usage, with robust buffer access enabled, we would sometimes read out-of-bounds when using very large values for the index range. An unchecked signed addition would overflow and lead to reading a negative offset. Fix this problem by keeping the value size_t whenever possible. Also do clamped casts when converting to a smaller values. Also adds a regression test. Bug: chromium:842028 Change-Id: Ie630ac857c6acfc0bace849a03eebfbaa2fbe89a Reviewed-on: https://chromium-review.googlesource.com/1055928 Commit-Queue: Jamie Madill <jmadill@chromium.org> Reviewed-by: Geoff Lang <geofflang@chromium.org>
-
src/libANGLE/renderer/d3d/VertexDataManager.h
-
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152
// // Copyright (c) 2002-2012 The ANGLE Project Authors. All rights reserved. // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. // // VertexDataManager.h: Defines the VertexDataManager, a class that // runs the Buffer translation process. #ifndef LIBANGLE_RENDERER_D3D_VERTEXDATAMANAGER_H_ #define LIBANGLE_RENDERER_D3D_VERTEXDATAMANAGER_H_ #include "common/angleutils.h" #include "libANGLE/angletypes.h" #include "libANGLE/Constants.h" #include "libANGLE/VertexAttribute.h" namespace gl { class State; struct VertexAttribute; class VertexBinding; struct VertexAttribCurrentValueData; } namespace rx { class BufferD3D; class BufferFactoryD3D; class StreamingVertexBufferInterface; class VertexBuffer; class VertexBufferBinding final { public: VertexBufferBinding(); VertexBufferBinding(const VertexBufferBinding &other); ~VertexBufferBinding(); void set(VertexBuffer *vertexBuffer); VertexBuffer *get() const; VertexBufferBinding &operator=(const VertexBufferBinding &other); private: VertexBuffer *mBoundVertexBuffer; }; struct TranslatedAttribute { TranslatedAttribute(); TranslatedAttribute(const TranslatedAttribute &other); // Computes the correct offset from baseOffset, usesFirstVertexOffset, stride and startVertex. // Can throw an error on integer overflow. gl::ErrorOrResult<unsigned int> computeOffset(GLint startVertex) const; bool active; const gl::VertexAttribute *attribute; const gl::VertexBinding *binding; GLenum currentValueType; unsigned int baseOffset; bool usesFirstVertexOffset; unsigned int stride; // 0 means not to advance the read pointer at all VertexBufferBinding vertexBuffer; BufferD3D *storage; unsigned int serial; unsigned int divisor; }; enum class VertexStorageType { UNKNOWN, STATIC, // Translate the vertex data once and re-use it. DYNAMIC, // Translate the data every frame into a ring buffer. DIRECT, // Bind a D3D buffer directly without any translation. CURRENT_VALUE, // Use a single value for the attribute. }; // Given a vertex attribute, return the type of storage it will use. VertexStorageType ClassifyAttributeStorage(const gl::VertexAttribute &attrib, const gl::VertexBinding &binding); class VertexDataManager : angle::NonCopyable { public: VertexDataManager(BufferFactoryD3D *factory); virtual ~VertexDataManager(); gl::Error initialize(); void deinitialize(); gl::Error prepareVertexData(const gl::Context *context, GLint start, GLsizei count, std::vector<TranslatedAttribute> *translatedAttribs, GLsizei instances); static void StoreDirectAttrib(TranslatedAttribute *directAttrib); static gl::Error StoreStaticAttrib(const gl::Context *context, TranslatedAttribute *translated); gl::Error storeDynamicAttribs(const gl::Context *context, std::vector<TranslatedAttribute> *translatedAttribs, const gl::AttributesMask &dynamicAttribsMask, GLint start, size_t count, GLsizei instances); // Promote static usage of dynamic buffers. static void PromoteDynamicAttribs(const gl::Context *context, const std::vector<TranslatedAttribute> &translatedAttribs, const gl::AttributesMask &dynamicAttribsMask, size_t count); gl::Error storeCurrentValue(const gl::VertexAttribCurrentValueData ¤tValue, TranslatedAttribute *translated, size_t attribIndex); private: struct CurrentValueState { CurrentValueState(); ~CurrentValueState(); std::unique_ptr<StreamingVertexBufferInterface> buffer; gl::VertexAttribCurrentValueData data; size_t offset; }; gl::Error reserveSpaceForAttrib(const TranslatedAttribute &translatedAttrib, GLint start, size_t count, GLsizei instances) const; gl::Error storeDynamicAttrib(const gl::Context *context, TranslatedAttribute *translated, GLint start, size_t count, GLsizei instances) const; BufferFactoryD3D *const mFactory; std::unique_ptr<StreamingVertexBufferInterface> mStreamingBuffer; std::vector<CurrentValueState> mCurrentValueCache; gl::AttributesMask mDynamicAttribsMaskCache; }; } // namespace rx #endif // LIBANGLE_RENDERER_D3D_VERTEXDATAMANAGER_H_