Inline memory transfer service offset bound update
The `offset > 0` condition is already implied by this if statement (when `offset == 0`, the `size > mDataLength` check alone safely rejects an invalid request). So we can remove it and use `offset > mDataLength` instead of `>=`. Bug: chromium:1340654 Change-Id: Ieafe1ea6bef5aae29bc6ef2bd9702d6f7a92d8b5 Reviewed-on: https://dawn-review.googlesource.com/c/dawn/+/95820 Reviewed-by: Corentin Wallez <cwallez@chromium.org> Reviewed-by: Loko Kung <lokokung@google.com> Kokoro: Kokoro <noreply+kokoro@google.com> Commit-Queue: Shrek Shao <shrekshao@google.com>
parent
2777cbc441
commit
e1d0aa9f92
|
@ -55,7 +55,7 @@ class InlineMemoryTransferService : public MemoryTransferService {
|
||||||
deserializePointer == nullptr) {
|
deserializePointer == nullptr) {
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
if ((offset >= mDataLength && offset > 0) || size > mDataLength - offset) {
|
if (offset > mDataLength || size > mDataLength - offset) {
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
memcpy(static_cast<uint8_t*>(mTargetData) + offset, deserializePointer, size);
|
memcpy(static_cast<uint8_t*>(mTargetData) + offset, deserializePointer, size);
|
||||||
|
|
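Review bot: The second operand of the new condition, `size > mDataLength - offset`, is only wrap-free because the first operand has already rejected `offset > mDataLength` (assuming these are unsigned sizes, which the hunk does not show), and nothing on the line records that dependency. Since `offset` and `size` presumably arrive from the wire and feed the `memcpy` directly, I would add a comment above the check such as `// offset <= mDataLength is established first, so mDataLength - offset cannot wrap; keep this operand order.` The switch from `>=` to `>` also means a request with `offset == mDataLength` and `size == 0` is now accepted and reaches `memcpy` with a one-past-the-end destination and zero length. A unit test pinning that boundary (size 0 accepted, size 1 rejected at `offset == mDataLength`) would keep a later edit from loosening it. The enclosing function and the start of the preceding `if` lie outside the hunk, so any earlier validation is not visible here.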