Google Git
Sign in
swiftshader / SwiftShader / c66681be4bc9bc66465c9a2bb9dc87e6384f1f0c^! / .
commitc66681be4bc9bc66465c9a2bb9dc87e6384f1f0c[log] [tgz]
authorJonah Ryan-Davis <jonahr@google.com>Mon May 11 14:51:46 2020 -0400
committerJonah Ryan-Davis <jonahr@google.com>Wed May 13 17:33:20 2020 +0000
tree0a7bbd3411353de47edd27df8929128bdf9a67b6
parent64da65bd1bd54addc8ab0e74a946e299f16ffa4c [diff]
Wrap Xcb reply call for error handling

The reply function for xcb_get_geometry was called without handling errors,
causing a null-dereference in the fuzzer. These calls should be wrapped and
handled safely.

Bug: chromium:1080987
Change-Id: Ie1377909b68375fa9bc6eb54bdcbfda0627fd680
Reviewed-on: https://swiftshader-review.googlesource.com/c/SwiftShader/+/45068
Presubmit-Ready: Jonah Ryan-Davis <jonahr@google.com>
Reviewed-by: Alexis Hétu <sugoi@google.com>
Reviewed-by: Nicolas Capens <nicolascapens@google.com>
Kokoro-Result: kokoro <noreply+kokoro@google.com>
Tested-by: Jonah Ryan-Davis <jonahr@google.com>

diff --git a/src/WSI/XcbSurfaceKHR.cpp b/src/WSI/XcbSurfaceKHR.cpp
index 56f0ee2..6f2f27f 100644
--- a/src/WSI/XcbSurfaceKHR.cpp
+++ b/src/WSI/XcbSurfaceKHR.cpp

@@ -87,6 +87,24 @@
 
 LibXcb libXcb;
 
+VkExtent2D getWindowSize(xcb_connection_t *connection, xcb_window_t window)
+{
+	VkExtent2D windowExtent = { 0, 0 };
+	xcb_generic_error_t *error = nullptr;
+	auto geom = libXcb->xcb_get_geometry_reply(connection, libXcb->xcb_get_geometry(connection, window), &error);
+	if(error)
+	{
+		free(error);
+	}
+	else
+	{
+		windowExtent.width = static_cast<uint32_t>(geom->width);
+		windowExtent.height = static_cast<uint32_t>(geom->height);
+	}
+	free(geom);
+	return windowExtent;
+}
+
 }  // anonymous namespace
 
 namespace vk {
@@ -110,9 +128,7 @@
 {
 	SurfaceKHR::getSurfaceCapabilities(pSurfaceCapabilities);
 
-	auto geom = libXcb->xcb_get_geometry_reply(connection, libXcb->xcb_get_geometry(connection, window), nullptr);
-	VkExtent2D extent = { static_cast<uint32_t>(geom->width), static_cast<uint32_t>(geom->height) };
-	free(geom);
+	VkExtent2D extent = getWindowSize(connection, window);
 
 	pSurfaceCapabilities->currentExtent = extent;
 	pSurfaceCapabilities->minImageExtent = extent;
@@ -144,9 +160,7 @@
 	auto it = graphicsContexts.find(image);
 	if(it != graphicsContexts.end())
 	{
-		auto geom = libXcb->xcb_get_geometry_reply(connection, libXcb->xcb_get_geometry(connection, window), nullptr);
-		VkExtent2D windowExtent = { static_cast<uint32_t>(geom->width), static_cast<uint32_t>(geom->height) };
-		free(geom);
+		VkExtent2D windowExtent = getWindowSize(connection, window);
 		VkExtent3D extent = image->getImage()->getMipLevelExtent(VK_IMAGE_ASPECT_COLOR_BIT, 0);
 
 		if(windowExtent.width != extent.width || windowExtent.height != extent.height)