Don't load non-SwiftShader ICDs when fuzzing with MSAN

Other drivers don't have MSAN instrumentation, so MSAN produces
many false positives since it can't track changes to memory
from uninstrumented libraries.

Also, implement AllocNoThrow for MSAN to return nullptr on large
allocations. Local fuzzing found MSAN didn't implement std::nothrow.

Fixed: chromium:1333180
Change-Id: I4f3d2c04496a25ba6ebe414d6d5c3c5850a70fec
Reviewed-on: https://dawn-review.googlesource.com/c/dawn/+/92820
Reviewed-by: Loko Kung <lokokung@google.com>
Reviewed-by: Corentin Wallez <cwallez@chromium.org>
Commit-Queue: Austin Eng <enga@chromium.org>
Austin Eng 2022-06-08 15:36:51 +00:00 committed by Dawn LUCI CQ
parent a4666888a4
commit 32c32854be
2 changed files with 7 additions and 2 deletions


@ -20,9 +20,9 @@
template <typename T>
T* AllocNoThrow(size_t count) {
#if defined(ADDRESS_SANITIZER)
#if defined(ADDRESS_SANITIZER) || defined(MEMORY_SANITIZER)
if (count * sizeof(T) >= 0x70000000) {
// std::nothrow isn't implemented on ASAN and it has a 2GB allocation limit.
// std::nothrow isn't implemented in sanitizers and they often have a 2GB allocation limit.
// Catch large allocations and error out so fuzzers make progress.
return nullptr;
}
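Review bot: the size check `count * sizeof(T) >= 0x70000000` in the new `ADDRESS_SANITIZER || MEMORY_SANITIZER` guard can still be bypassed when the product wraps around `size_t`; a very large `count` multiplied by `sizeof(T)` can come out below the threshold and reach the real allocator, which is exactly the case the guard is meant to stop. Comparing the count directly, e.g. `if (count >= 0x70000000 / sizeof(T))`, avoids the multiplication and keeps the intended limit. It would also help to name the threshold (the comment mentions a 2GB limit while the constant is 0x70000000, about 1.75GiB) in a `constexpr` so the two stay in sync.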


@ -89,7 +89,12 @@ namespace dawn::native::vulkan {
namespace {
static constexpr ICD kICDs[] = {
// Other drivers should not be loaded with MSAN because they don't have MSAN instrumentation.
// MSAN will produce false positives since it cannot detect changes to memory that the driver
// has made.
#if !defined(MEMORY_SANITIZER)
ICD::None,
#endif
#if defined(DAWN_ENABLE_SWIFTSHADER)
ICD::SwiftShader,
#endif // defined(DAWN_ENABLE_SWIFTSHADER)
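Review bot: with `ICD::None` now excluded under `MEMORY_SANITIZER`, a build that defines `MEMORY_SANITIZER` but not `DAWN_ENABLE_SWIFTSHADER` leaves `kICDs[]` with no initializers, which is a zero-length array and ill-formed, and the failure will surface as an unrelated-looking compiler error. Since the commit message states that MSAN fuzzing must only use SwiftShader, make that requirement explicit next to the guard, for example `#if defined(MEMORY_SANITIZER) && !defined(DAWN_ENABLE_SWIFTSHADER)` / `#error "MSAN builds require DAWN_ENABLE_SWIFTSHADER"` / `#endif`, so the constraint is documented in the code and not only in the hunk's comment.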