From 9a2174a37cfdc771a9c7a494e6fb773c541bd941 Mon Sep 17 00:00:00 2001
From: Austin Eng
Date: Tue, 2 Feb 2021 04:20:09 +0000
Subject: [PATCH] Pass the buffer size into DeserializeWGPUDeviceProperties
This allows deserialization to fail if the buffer is not large enough. Before, we simply assumed the buffer was at least the size of WGPUDeviceProperties.
Bug: none
Change-Id: I24e1f84c583f48d4e32c35276e5508e257e9f530
Reviewed-on: https://dawn-review.googlesource.com/c/dawn/+/39861
Auto-Submit: Austin Eng
Reviewed-by: Stephen White
Commit-Queue: Austin Eng
---
 generator/templates/dawn_wire/WireCmd.cpp | 12 ++++++++----
 src/include/dawn_wire/Wire.h | 4 +++-
 .../wire/WireWGPUDevicePropertiesTests.cpp | 18 +++++++++++++++++-
 3 files changed, 28 insertions(+), 6 deletions(-)
diff --git a/generator/templates/dawn_wire/WireCmd.cpp b/generator/templates/dawn_wire/WireCmd.cpp
index 60640f7c68..8199888cbb 100644
--- a/generator/templates/dawn_wire/WireCmd.cpp
+++ b/generator/templates/dawn_wire/WireCmd.cpp
@@ -687,16 +687,20 @@ namespace dawn_wire {
 }
 bool DeserializeWGPUDeviceProperties(WGPUDeviceProperties* deviceProperties,
- const volatile char* deserializeBuffer) {
- size_t devicePropertiesSize = SerializedWGPUDevicePropertiesSize(deviceProperties);
+ const volatile char* deserializeBuffer,
+ size_t deserializeBufferSize) {
+ if (deserializeBufferSize == 0) {
+ // TODO(enga): Remove this after updating Chromium.
+ deserializeBufferSize = SerializedWGPUDevicePropertiesSize(deviceProperties);
+ }
 const volatile WGPUDevicePropertiesTransfer* transfer = nullptr;
- if (GetPtrFromBuffer(&deserializeBuffer, &devicePropertiesSize, 1, &transfer) !=
+ if (GetPtrFromBuffer(&deserializeBuffer, &deserializeBufferSize, 1, &transfer) !=
 DeserializeResult::Success) {
 return false;
 }
 return WGPUDevicePropertiesDeserialize(deviceProperties, transfer, &deserializeBuffer,
- &devicePropertiesSize,
+ &deserializeBufferSize,
 nullptr) == DeserializeResult::Success;
 }
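Review bot: The `deserializeBufferSize == 0` branch sends a zero-length buffer down the old unchecked path, so the one length that can never hold a WGPUDevicePropertiesTransfer is also the one that skips the new bounds check. A caller that forwards a length taken from wire data would have an empty buffer read as if it were full-size instead of getting `false`; the same sentinel is exposed through the `= 0` default argument in src/include/dawn_wire/Wire.h. Until the Chromium update lands, keeping the legacy behaviour in a separate two-argument overload would let the sized form fail closed with `if (deserializeBufferSize == 0) { return false; }`. The fallback also calls SerializedWGPUDevicePropertiesSize on the output struct, which a caller may leave uninitialized; whether that matters depends on that function's body, which is not in this hunk.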
diff --git a/src/include/dawn_wire/Wire.h b/src/include/dawn_wire/Wire.h
index 5d5d1bebda..805fefffc2 100644
--- a/src/include/dawn_wire/Wire.h
+++ b/src/include/dawn_wire/Wire.h
@@ -49,8 +49,10 @@ namespace dawn_wire {
 const WGPUDeviceProperties* deviceProperties, char* serializeBuffer);
+ // TODO(enga): Remove the default value after updating Chromium.
 DAWN_WIRE_EXPORT bool DeserializeWGPUDeviceProperties(WGPUDeviceProperties* deviceProperties,
- const volatile char* deserializeBuffer);
+ const volatile char* deserializeBuffer,
+ size_t deserializeBufferSize = 0);
 } // namespace dawn_wire
diff --git a/src/tests/unittests/wire/WireWGPUDevicePropertiesTests.cpp b/src/tests/unittests/wire/WireWGPUDevicePropertiesTests.cpp
index 120e4a9aba..3d97e105c1 100644
--- a/src/tests/unittests/wire/WireWGPUDevicePropertiesTests.cpp
+++ b/src/tests/unittests/wire/WireWGPUDevicePropertiesTests.cpp
@@ -34,8 +34,24 @@ TEST_F(WireWGPUDevicePropertiesTests, SerializeWGPUDeviceProperties) {
 dawn_wire::SerializeWGPUDeviceProperties(&sentWGPUDeviceProperties, buffer.data());
 WGPUDeviceProperties receivedWGPUDeviceProperties;
- dawn_wire::DeserializeWGPUDeviceProperties(&receivedWGPUDeviceProperties, buffer.data());
+ ASSERT_TRUE(dawn_wire::DeserializeWGPUDeviceProperties(&receivedWGPUDeviceProperties,
+ buffer.data(), buffer.size()));
 ASSERT_TRUE(receivedWGPUDeviceProperties.textureCompressionBC);
 ASSERT_FALSE(receivedWGPUDeviceProperties.pipelineStatisticsQuery);
 ASSERT_TRUE(receivedWGPUDeviceProperties.timestampQuery);
 }
+
+// Test that deserialization if the buffer is just one byte too small fails.
+TEST_F(WireWGPUDevicePropertiesTests, DeserializeBufferTooSmall) {
+ WGPUDeviceProperties sentWGPUDeviceProperties = {};
+
+ size_t sentWGPUDevicePropertiesSize =
+ dawn_wire::SerializedWGPUDevicePropertiesSize(&sentWGPUDeviceProperties);
+ std::vector buffer;
+ buffer.resize(sentWGPUDevicePropertiesSize);
+ dawn_wire::SerializeWGPUDeviceProperties(&sentWGPUDeviceProperties, buffer.data());
+
+ WGPUDeviceProperties receivedWGPUDeviceProperties;
+ ASSERT_FALSE(dawn_wire::DeserializeWGPUDeviceProperties(&receivedWGPUDeviceProperties,
+ buffer.data(), buffer.size() - 1));
+}
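Review bot: DeserializeBufferTooSmall pins only `buffer.size() - 1`, so shorter truncations and the size-0 value that DeserializeWGPUDeviceProperties treats as "length unknown" are not covered. A loop such as `for (size_t size = 1; size < buffer.size(); ++size) { ASSERT_FALSE(dawn_wire::DeserializeWGPUDeviceProperties(&receivedWGPUDeviceProperties, buffer.data(), size)); }` should cover every truncated length. It wants a comment explaining that 0 is excluded because it currently selects the legacy unchecked path, so the gap is visible to whoever removes the fallback. The first test in this hunk, SerializeWGPUDeviceProperties, starts above the hunk, so its setup is not visible here.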