QueueSumit: Validate commands != nullptr before checking they are valid

device->ValidateObject dereferences the object and would crash when
the command buffers are nullptr. This issue would have disappeared when
WebGPU error handling is implemented for command buffers. We still fix
it now to please fuzzers.

BUG=dawn:8
BUG=chromium:931880

Change-Id: Ia9d89ebdde9e2ac93de58da2201708c400a712c7
Reviewed-on: https://dawn-review.googlesource.com/c/4740
Reviewed-by: Austin Eng <enga@chromium.org>
Commit-Queue: Corentin Wallez <cwallez@chromium.org>
This commit is contained in:
Corentin Wallez 2019-02-14 18:13:47 +00:00 committed by Commit Bot service account
parent 6fe9b9821a
commit 0f0c40de68
1 changed files with 2 additions and 2 deletions

View File

@ -51,14 +51,14 @@ namespace dawn_native {
DAWN_TRY(GetDevice()->ValidateObject(this)); DAWN_TRY(GetDevice()->ValidateObject(this));
for (uint32_t i = 0; i < numCommands; ++i) { for (uint32_t i = 0; i < numCommands; ++i) {
DAWN_TRY(GetDevice()->ValidateObject(commands[i]));
// TODO(cwallez@chromium.org): Remove this once CommandBufferBuilder doesn't use the // TODO(cwallez@chromium.org): Remove this once CommandBufferBuilder doesn't use the
// builder mechanism anymore. // builder mechanism anymore.
if (commands[i] == nullptr) { if (commands[i] == nullptr) {
return DAWN_VALIDATION_ERROR("Command buffers cannot be null"); return DAWN_VALIDATION_ERROR("Command buffers cannot be null");
} }
DAWN_TRY(GetDevice()->ValidateObject(commands[i]));
const CommandBufferResourceUsage& usages = commands[i]->GetResourceUsages(); const CommandBufferResourceUsage& usages = commands[i]->GetResourceUsages();
for (const PassResourceUsage& passUsages : usages.perPass) { for (const PassResourceUsage& passUsages : usages.perPass) {