mirror of
https://github.com/encounter/dawn-cmake.git
synced 2025-10-23 18:25:51 +00:00
WireCmd: guard against overflows when computing array sizes
BUG=chromium:918094 BUG=chromium:918348 BUG=chromium:918260 Change-Id: Ia2ee8930592e436e8d0d76837b70e726e8d87ea7 Reviewed-on: https://dawn-review.googlesource.com/c/3620 Reviewed-by: Stephen White <senorblanco@chromium.org> Reviewed-by: Kai Ninomiya <kainino@chromium.org> Commit-Queue: Corentin Wallez <cwallez@chromium.org>
parent
6e308846c2
commit
a19c759bc4
@ -17,6 +17,7 @@
|
|||||||
#include "common/Assert.h"
|
#include "common/Assert.h"
|
||||||
|
|
||||||
#include <cstring>
|
#include <cstring>
|
||||||
|
#include <limits>
|
||||||
|
|
||||||
//* Helper macros so that the main [de]serialization functions can be written in a generic manner.
|
//* Helper macros so that the main [de]serialization functions can be written in a generic manner.
|
||||||
|
|
||||||
@ -288,7 +289,11 @@ namespace dawn_wire {
|
|||||||
// Returns FatalError if not enough memory was available
|
// Returns FatalError if not enough memory was available
|
||||||
template <typename T>
|
template <typename T>
|
||||||
DeserializeResult GetPtrFromBuffer(const char** buffer, size_t* size, size_t count, const T** data) {
|
DeserializeResult GetPtrFromBuffer(const char** buffer, size_t* size, size_t count, const T** data) {
|
||||||
// TODO(cwallez@chromium.org): For robustness we would need to handle overflows here.
|
constexpr size_t kMaxCountWithoutOverflows = std::numeric_limits<size_t>::max() / sizeof(T);
|
||||||
|
if (count > kMaxCountWithoutOverflows) {
|
||||||
|
return DeserializeResult::FatalError;
|
||||||
|
}
|
||||||
|
|
||||||
size_t totalSize = sizeof(T) * count;
|
size_t totalSize = sizeof(T) * count;
|
||||||
if (totalSize > *size) {
|
if (totalSize > *size) {
|
||||||
return DeserializeResult::FatalError;
|
return DeserializeResult::FatalError;
|
||||||
@ -305,7 +310,11 @@ namespace dawn_wire {
|
|||||||
// Return FatalError if the allocator couldn't allocate the memory.
|
// Return FatalError if the allocator couldn't allocate the memory.
|
||||||
template <typename T>
|
template <typename T>
|
||||||
DeserializeResult GetSpace(DeserializeAllocator* allocator, size_t count, T** out) {
|
DeserializeResult GetSpace(DeserializeAllocator* allocator, size_t count, T** out) {
|
||||||
// TODO(cwallez@chromium.org): For robustness we would need to handle overflows here.
|
constexpr size_t kMaxCountWithoutOverflows = std::numeric_limits<size_t>::max() / sizeof(T);
|
||||||
|
if (count > kMaxCountWithoutOverflows) {
|
||||||
|
return DeserializeResult::FatalError;
|
||||||
|
}
|
||||||
|
|
||||||
size_t totalSize = sizeof(T) * count;
|
size_t totalSize = sizeof(T) * count;
|
||||||
*out = static_cast<T*>(allocator->GetSpace(totalSize));
|
*out = static_cast<T*>(allocator->GetSpace(totalSize));
|
||||||
if (*out == nullptr) {
|
if (*out == nullptr) {
|
||||||
|
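Review bot: In GetSpace the new guard only stops `sizeof(T) * count` from wrapping; a count just under `kMaxCountWithoutOverflows` still hands a near-`SIZE_MAX` totalSize to `allocator->GetSpace(totalSize)`, so safety for wire-supplied counts now depends on the allocator rejecting oversized requests without wrapping in its own arithmetic, which is not visible on this page and is worth confirming. GetPtrFromBuffer does not have this gap, because `totalSize > *size` bounds the result by the bytes remaining in the buffer. The comments above both functions still describe only the out-of-memory case; I would extend them, e.g. `// Returns FatalError if count * sizeof(T) overflows size_t or not enough memory was available`. The identical guard in the two templates could also live in one small checked-multiply helper so the copies cannot drift apart. Both function bodies continue past the end of their hunks.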