kc3-lang/angle/src/libANGLE/renderer/d3d/d3d11/MappedSubresourceVerifier11.cpp
-
Show log
Commit
-
Hash : a4c639c4
Author :
Date : 2019-06-03T14:04:01
D3D: Add a wrapper to Image11 that enables ASAN/MSAN to catch the errors on map operations The wrapper should be a no-op on builds with assertions disabled. The wrapper should be useful on ASAN and MSAN builds. gn args out/release-asan --args="is_debug=false is_asan=true" ninja -C out/release-asan angle_end2end_tests ^ out\release-asan\angle_end2end_tests ^ --gtest_filter=Texture2DArrayCopy.SnormFormats* --gtest_catch_exceptions=0 ^ --gtest_repeat=-1 Output when the fix payload of angleproject:2865 is removed: ... Repeating all tests (iteration 1) . . . Note: Google Test filter = Texture2DArrayCopy.SnormFormats* [==========] Running 1 test from 1 test suite. [----------] Global test environment set-up. [----------] 1 test from Texture2DArrayCopy [ RUN ] Texture2DArrayCopy.SnormFormats/ES3_D3D11 ================================================================= ==500==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x12b2c4777040 at pc 0x7fff9602216b bp 0x00c0eaafd090 sp 0x00c0eaafd0d8 READ of size 1 at 0x12b2c4777040 thread T0 #0 0x7fff9602216a in angle::R8G8B8A8::readColor c:\Users\kkinnunen\angle\src\image_util\imageformats.cpp:333 #1 0x7fff9618dbf0 in rx::CopyImageCHROMIUM c:\Users\kkinnunen\angle\src\libANGLE\renderer\renderer_utils.cpp:377 #2 0x7fff96186bb2 in rx::Image11::CopyImage c:\Users\kkinnunen\angle\src\libANGLE\renderer\d3d\d3d11\Image11.cpp:113 #3 0x7fff95e90410 in rx::Renderer11::copyImage c:\Users\kkinnunen\angle\src\libANGLE\renderer\d3d\d3d11\Renderer11.cpp:3009 #4 0x7fff9617b447 in rx::TextureD3D_2DArray::copyTexture c:\Users\kkinnunen\angle\src\libANGLE\renderer\d3d\TextureD3D.cpp:3293 #5 0x7fff95afd7e1 in gl::Texture::copyTexture c:\Users\kkinnunen\angle\src\libANGLE\Texture.cpp:1196 #6 0x7fff95977f19 in gl::Context::copyTexture3D c:\Users\kkinnunen\angle\src\libANGLE\Context.cpp:4347 #7 0x7fff9568b04a in gl::CopyTexture3DANGLE c:\Users\kkinnunen\angle\src\libGLESv2\entry_points_gles_ext_autogen.cpp:57 #8 0x7ff7d1d8fc97 in angle::CopyTexture3DTest::testCopy c:\Users\kkinnunen\angle\src\tests\gl_tests\CopyTexture3DTest.cpp:90 #9 0x7ff7d1dadd10 in angle::Texture2DArrayCopy_SnormFormats_Test::TestBody c:\Users\kkinnunen\angle\src\tests\gl_tests\CopyTexture3DTest.cpp:1272 #10 0x7ff7d2c22891 in testing::Test::Run c:\Users\kkinnunen\angle\third_party\googletest\src\googletest\src\gtest.cc:2522 #11 0x7ff7d2c243c0 in testing::TestInfo::Run c:\Users\kkinnunen\angle\third_party\googletest\src\googletest\src\gtest.cc:2698 #12 0x7ff7d2c253e8 in testing::TestSuite::Run c:\Users\kkinnunen\angle\third_party\googletest\src\googletest\src\gtest.cc:2828 #13 0x7ff7d2c3f33e in testing::internal::UnitTestImpl::RunAllTests c:\Users\kkinnunen\angle\third_party\googletest\src\googletest\src\gtest.cc:5285 #14 0x7ff7d2c3e72d in testing::UnitTest::Run c:\Users\kkinnunen\angle\third_party\googletest\src\googletest\src\gtest.cc:4873 #15 0x7ff7d2bf10a2 in main c:\Users\kkinnunen\angle\src\tests\angle_end2end_tests_main.cpp:15 #16 0x7ff7d2d27897 in __scrt_common_main_seh f:\dd\vctools\crt\vcstartup\src\startup\exe_common.inl:283 #17 0x7ff801ec7973 in BaseThreadInitThunk+0x13 (C:\WINDOWS\System32\KERNEL32.DLL+0x180017973) #18 0x7ff804cea270 in RtlUserThreadStart+0x20 (C:\WINDOWS\SYSTEM32\ntdll.dll+0x18006a270) 0x12b2c4777040 is located 0 bytes to the right of 256-byte region [0x12b2c4776f40,0x12b2c4777040) allocated by thread T0 here: #0 0x7ff7d2c6d574 in malloc C:\b\s\w\ir\k\src\third_party\llvm\projects\compiler-rt\lib\asan\asan_malloc_win.cc:68 #1 0x7fff95af47b2 in angle::MemoryBuffer::resize c:\Users\kkinnunen\angle\src\common\MemoryBuffer.cpp:40 #2 0x7fff9648c9a6 in rx::MappedSubresourceVerifier11::wrap c:\Users\kkinnunen\angle\src\libANGLE\renderer\d3d\d3d11\MappedSubresourceVerifier11.cpp:51 #3 0x7fff961864b5 in rx::Image11::map c:\Users\kkinnunen\angle\src\libANGLE\renderer\d3d\d3d11\Image11.cpp:648 #4 0x7fff9618676c in rx::Image11::CopyImage c:\Users\kkinnunen\angle\src\libANGLE\renderer\d3d\d3d11\Image11.cpp:93 #5 0x7fff95e90410 in rx::Renderer11::copyImage c:\Users\kkinnunen\angle\src\libANGLE\renderer\d3d\d3d11\Renderer11.cpp:3009 #6 0x7fff9617b447 in rx::TextureD3D_2DArray::copyTexture c:\Users\kkinnunen\angle\src\libANGLE\renderer\d3d\TextureD3D.cpp:3293 #7 0x7fff95afd7e1 in gl::Texture::copyTexture c:\Users\kkinnunen\angle\src\libANGLE\Texture.cpp:1196 #8 0x7fff95977f19 in gl::Context::copyTexture3D c:\Users\kkinnunen\angle\src\libANGLE\Context.cpp:4347 #9 0x7fff9568b04a in gl::CopyTexture3DANGLE c:\Users\kkinnunen\angle\src\libGLESv2\entry_points_gles_ext_autogen.cpp:57 #10 0x7ff7d1d8fc97 in angle::CopyTexture3DTest::testCopy c:\Users\kkinnunen\angle\src\tests\gl_tests\CopyTexture3DTest.cpp:90 #11 0x7ff7d1dadd10 in angle::Texture2DArrayCopy_SnormFormats_Test::TestBody c:\Users\kkinnunen\angle\src\tests\gl_tests\CopyTexture3DTest.cpp:1272 #12 0x7ff7d2c22891 in testing::Test::Run c:\Users\kkinnunen\angle\third_party\googletest\src\googletest\src\gtest.cc:2522 #13 0x7ff7d2c243c0 in testing::TestInfo::Run c:\Users\kkinnunen\angle\third_party\googletest\src\googletest\src\gtest.cc:2698 #14 0x7ff7d2c253e8 in testing::TestSuite::Run c:\Users\kkinnunen\angle\third_party\googletest\src\googletest\src\gtest.cc:2828 #15 0x7ff7d2c3f33e in testing::internal::UnitTestImpl::RunAllTests c:\Users\kkinnunen\angle\third_party\googletest\src\googletest\src\gtest.cc:5285 #16 0x7ff7d2c3e72d in testing::UnitTest::Run c:\Users\kkinnunen\angle\third_party\googletest\src\googletest\src\gtest.cc:4873 #17 0x7ff7d2bf10a2 in main c:\Users\kkinnunen\angle\src\tests\angle_end2end_tests_main.cpp:15 #18 0x7ff7d2d27897 in __scrt_common_main_seh f:\dd\vctools\crt\vcstartup\src\startup\exe_common.inl:283 #19 0x7ff801ec7973 in BaseThreadInitThunk+0x13 (C:\WINDOWS\System32\KERNEL32.DLL+0x180017973) #20 0x7ff804cea270 in RtlUserThreadStart+0x20 (C:\WINDOWS\SYSTEM32\ntdll.dll+0x18006a270) Bug: angleproject:2865 Change-Id: I6c8fc203d075014ba8ce31c728982eed73812d04 Reviewed-on: https://chromium-review.googlesource.com/c/angle/angle/+/1640212 Commit-Queue: Kimmo Kinnunen FI <kkinnunen@nvidia.com> Reviewed-by: Geoff Lang <geofflang@chromium.org>
-
src/libANGLE/renderer/d3d/d3d11/MappedSubresourceVerifier11.cpp
-
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119
// // Copyright 2019 The ANGLE Project Authors. All rights reserved. // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. // // MappedSubresourceVerifier11.cpp: Implements the // rx::MappedSubresourceVerifier11 class, a simple wrapper to D3D11 Texture2D // mapped memory so that ASAN and MSAN can catch memory errors done with a // pointer to the mapped texture memory. #include "libANGLE/renderer/d3d/d3d11/MappedSubresourceVerifier11.h" #include "libANGLE/renderer/d3d/d3d11/formatutils11.h" namespace rx { #if defined(ADDRESS_SANITIZER) || defined(MEMORY_SANITIZER) || defined(ANGLE_ENABLE_ASSERTS) namespace { # if defined(ADDRESS_SANITIZER) || defined(MEMORY_SANITIZER) constexpr bool kUseWrap = true; # else constexpr bool kUseWrap = false; # endif size_t getPitchCount(const D3D11_TEXTURE2D_DESC &desc) { const d3d11::DXGIFormatSize &dxgiFormatInfo = d3d11::GetDXGIFormatSizeInfo(desc.Format); ASSERT(desc.Height % dxgiFormatInfo.blockHeight == 0); return desc.Height / dxgiFormatInfo.blockHeight; } } // namespace MappedSubresourceVerifier11::MappedSubresourceVerifier11() = default; MappedSubresourceVerifier11::~MappedSubresourceVerifier11() { ASSERT(!mOrigData); ASSERT(!mWrapData.size()); } void MappedSubresourceVerifier11::setDesc(const D3D11_TEXTURE2D_DESC &desc) { ASSERT(desc.CPUAccessFlags & (D3D11_CPU_ACCESS_READ | D3D11_CPU_ACCESS_WRITE)); ASSERT(desc.Width); ASSERT(desc.Height); ASSERT(!mOrigData); ASSERT(!mWrapData.size()); ASSERT(!mPitchType); ASSERT(!mPitchCount); mPitchType = &D3D11_MAPPED_SUBRESOURCE::RowPitch; mPitchCount = getPitchCount(desc); } void MappedSubresourceVerifier11::setDesc(const D3D11_TEXTURE3D_DESC &desc) { ASSERT(desc.CPUAccessFlags & (D3D11_CPU_ACCESS_READ | D3D11_CPU_ACCESS_WRITE)); ASSERT(desc.Width); ASSERT(desc.Height); ASSERT(desc.Depth); ASSERT(!mOrigData); ASSERT(!mWrapData.size()); ASSERT(!mPitchType); ASSERT(!mPitchCount); mPitchType = &D3D11_MAPPED_SUBRESOURCE::DepthPitch; mPitchCount = desc.Depth; } void MappedSubresourceVerifier11::reset() { ASSERT(!mOrigData); ASSERT(!mWrapData.size()); mPitchType = nullptr; mPitchCount = 0; } bool MappedSubresourceVerifier11::wrap(D3D11_MAP mapType, D3D11_MAPPED_SUBRESOURCE *map) { ASSERT(map && map->pData); ASSERT(mapType == D3D11_MAP_READ || mapType == D3D11_MAP_WRITE || mapType == D3D11_MAP_READ_WRITE); ASSERT(mPitchCount); if (kUseWrap) { if (!mWrapData.resize(mPitchCount * map->*mPitchType)) return false; } mOrigData = reinterpret_cast<uint8_t *>(map->pData); if (kUseWrap) { std::copy(mOrigData, mOrigData + mWrapData.size(), mWrapData.data()); map->pData = mWrapData.data(); } return true; } void MappedSubresourceVerifier11::unwrap() { ASSERT(mPitchCount); ASSERT(mOrigData); if (kUseWrap) { std::copy(mWrapData.data(), mWrapData.data() + mWrapData.size(), mOrigData); mWrapData = angle::MemoryBuffer(); } mOrigData = nullptr; } #endif } // namespace rx