Prevent size overflow for sub-allocation.

D3D/VK driver may return a size larger than requested and could cause PowerOfTwo() to overflow. This change adds a check to ensure the size is within the limit before attempting sub-allocation. BUG=dawn:27 Change-Id: I2b2ce727abff953642a69b65c8f30be8e53e562d Reviewed-on: https://dawn-review.googlesource.com/c/dawn/+/23060 Reviewed-by: Austin Eng <enga@chromium.org> Reviewed-by: Corentin Wallez <cwallez@chromium.org> Commit-Queue: Bryan Bernhart <bryan.bernhart@intel.com>
2020-06-11 18:58:26 +00:00 · 2020-06-11 18:58:26 +00:00 · c7778a27cb
parent 265fb062be
commit c7778a27cb
2 changed files with 16 additions and 0 deletions
--- a/src/dawn_native/BuddyMemoryAllocator.cpp
+++ b/src/dawn_native/BuddyMemoryAllocator.cpp
@ -45,6 +45,11 @@ namespace dawn_native {
            return std::move(invalidAllocation);
        }

+        // Check the unaligned size to avoid overflowing NextPowerOfTwo.
+        if (allocationSize > mMemoryBlockSize) {
+            return std::move(invalidAllocation);
+        }
+
        // Round allocation size to nearest power-of-two.
        allocationSize = NextPowerOfTwo(allocationSize);

--- a/src/tests/unittests/BuddyMemoryAllocatorTests.cpp
+++ b/src/tests/unittests/BuddyMemoryAllocatorTests.cpp
@ -345,3 +345,14 @@ TEST(BuddyMemoryAllocatorTests, VariousSizeSameAlignment) {

    ASSERT_EQ(allocator.ComputeTotalNumOfHeapsForTesting(), 3u);
 }
+
+// Verify allocating a very large resource does not overflow.
+TEST(BuddyMemoryAllocatorTests, AllocationOverflow) {
+    constexpr uint64_t heapSize = 128;
+    constexpr uint64_t maxBlockSize = 512;
+    DummyBuddyResourceAllocator allocator(maxBlockSize, heapSize);
+
+    constexpr uint64_t largeBlock = (1ull << 63) + 1;
+    ResourceMemoryAllocation invalidAllocation = allocator.Allocate(largeBlock);
+    ASSERT_EQ(invalidAllocation.GetInfo().mMethod, AllocationMethod::kInvalid);
+}