Google Git
Sign in
swiftshader / SwiftShader / 29364a0595bc52a8b80e8c286cf6a373d419b4f6^! / . / src / Shader / PixelRoutine.cpp
commit29364a0595bc52a8b80e8c286cf6a373d419b4f6[log] [tgz]
authorSean Risser <srisser@google.com>Tue May 28 12:50:28 2019 -0400
committerSean Risser <srisser@google.com>Wed May 29 18:57:54 2019 +0000
tree2cf5b2bb5c7c4b7859483b44c66e104886796fbb
parent9555830f4eb434a2dbb3ac4bcb58fa7ce361d2c4 [diff] [blame]
Fix buffer overflow on Mac

For OpenGL on Mac, Swiftshader renders directly to the IOSurface given
to us by the OS. This surface is not necessarily vertically padded so
its height is a multiple of 2. Since we render 4 pixels at a time in a
quad, the bottom 2 pixels may not be written to legal memory if the
height of the target surface is an odd number.

This change prevents Swiftshader from rendering quads on Mac if doing so
would overflow the buffer.

Bug: chromium:944796
Bug: angleproject:2764

Change-Id: I08bec895980b42f99b8a4434969edcaf7d331284
Reviewed-on: https://swiftshader-review.googlesource.com/c/SwiftShader/+/32030
Presubmit-Ready: Sean Risser <srisser@google.com>
Reviewed-by: Nicolas Capens <nicolascapens@google.com>
Reviewed-by: Alexis Hétu <sugoi@google.com>
Kokoro-Presubmit: kokoro <noreply+kokoro@google.com>
Tested-by: Sean Risser <srisser@google.com>

diff --git a/src/Shader/PixelRoutine.cpp b/src/Shader/PixelRoutine.cpp
index 146e42d..12040fd 100644
--- a/src/Shader/PixelRoutine.cpp
+++ b/src/Shader/PixelRoutine.cpp

@@ -48,7 +48,7 @@
 	{
 	}
 
-	void PixelRoutine::quad(Pointer<Byte> cBuffer[RENDERTARGETS], Pointer<Byte> &zBuffer, Pointer<Byte> &sBuffer, Int cMask[4], Int &x, Int &y)
+	void PixelRoutine::quad(Pointer<Byte> cBuffer[RENDERTARGETS], Pointer<Byte> &zBuffer, Pointer<Byte> &sBuffer, Int cMask[4], Int &x)
 	{
 		#if PERF_PROFILE
 			Long pipeTime = Ticks();
@@ -1684,10 +1684,17 @@
 					c23 |= masked;
 				}
 
-				c23 &= *Pointer<Short4>(constants + OFFSET(Constants,maskD23Q) + xMask * 8);
-				value &= *Pointer<Short4>(constants + OFFSET(Constants,invMaskD23Q) + xMask * 8);
-				c23 |= value;
-				*Pointer<Short4>(buffer) = c23;
+#ifdef __APPLE__
+				// On Mac we render directly to an IOSurface that isn't vertically padded. So we
+				// only render the bottom half of quads when it won't overflow the buffer.
+				If ((y + 1) < yMax)
+#endif
+				{
+					c23 &= *Pointer<Short4>(constants + OFFSET(Constants,maskD23Q) + xMask * 8);
+					value &= *Pointer<Short4>(constants + OFFSET(Constants,invMaskD23Q) + xMask * 8);
+					c23 |= value;
+					*Pointer<Short4>(buffer) = c23;
+				}
 			}
 			break;
 		case FORMAT_A8B8G8R8: