Add early exits for OOB index buffer offset or first index
This CL adds early exits if:
- The offset used for the index buffer is greater than or equal to
the entire buffer's size
- The first vertex is larger than the maximum number of
vertices contained in the index buffer
Tests: dEQP-VK.robustness.index_access.draw_indexed*
Bug: b/196822081
Change-Id: I80c156af65a841ca33fcceb6b560d38fb6d8d5e2
Reviewed-on: https://swiftshader-review.googlesource.com/c/SwiftShader/+/70168
Reviewed-by: Jonah Ryan-Davis <jonahr@google.com>
Kokoro-Result: kokoro <noreply+kokoro@google.com>
Commit-Queue: Alexis Hétu <sugoi@google.com>
Presubmit-Ready: Alexis Hétu <sugoi@google.com>
Tested-by: Alexis Hétu <sugoi@google.com>
diff --git a/src/Device/Context.cpp b/src/Device/Context.cpp
index 72bc615..0d88fce 100644
--- a/src/Device/Context.cpp
+++ b/src/Device/Context.cpp
@@ -202,9 +202,9 @@
namespace vk {
-int IndexBuffer::bytesPerIndex() const
+uint32_t IndexBuffer::bytesPerIndex() const
{
- return indexType == VK_INDEX_TYPE_UINT16 ? 2 : 4;
+ return indexType == VK_INDEX_TYPE_UINT16 ? 2u : 4u;
}
void IndexBuffer::setIndexBufferBinding(const VertexInputBinding &indexBufferBinding, VkIndexType type)
@@ -217,6 +217,18 @@
{
if(indexed)
{
+ const VkDeviceSize bufferSize = binding.buffer->getSize();
+ if(binding.offset >= bufferSize)
+ {
+ return; // Nothing to draw
+ }
+
+ const VkDeviceSize maxIndices = (bufferSize - binding.offset) / bytesPerIndex();
+ if(first > maxIndices)
+ {
+ return; // Nothing to draw
+ }
+
void *indexBuffer = binding.buffer->getOffsetPointer(binding.offset + first * bytesPerIndex());
if(hasPrimitiveRestartEnable)
{
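Review bot: The second guard, `if(first > maxIndices)`, still admits `first == maxIndices`, where `getOffsetPointer(binding.offset + first * bytesPerIndex())` lands at the end of the usable range and no whole index is left to read; `if(first >= maxIndices)` would treat that case as nothing to draw too. Neither new check involves `count`, so a draw with `first + count > maxIndices` passes both. The rest of getIndexBuffers lies outside this hunk, so it is worth confirming that the reads that follow are limited to `maxIndices - first` indices. Separately, `first * bytesPerIndex()` is a 32-bit product added to a 64-bit offset, while `maxIndices` is computed in `VkDeviceSize`; writing `VkDeviceSize(first) * bytesPerIndex()` would keep the pointer arithmetic in the same width as the bound it was checked against.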
diff --git a/src/Device/Context.hpp b/src/Device/Context.hpp
index 55257d4..fc0f911 100644
--- a/src/Device/Context.hpp
+++ b/src/Device/Context.hpp
@@ -47,7 +47,7 @@
void getIndexBuffers(VkPrimitiveTopology topology, uint32_t count, uint32_t first, bool indexed, bool hasPrimitiveRestartEnable, std::vector<std::pair<uint32_t, void *>> *indexBuffers) const;
private:
- int bytesPerIndex() const;
+ uint32_t bytesPerIndex() const;
VertexInputBinding binding;
VkIndexType indexType;