Inline memory transfer service offset bound update

Offset > 0 is already implicitly included in this if statement
(when `offset == 0` then `size > mDataLength` could safely assert it's invalid).
So we could remove it and use `offset > mDataLength` instead of `>=`.

Bug: chromium:1340654
Change-Id: Ieafe1ea6bef5aae29bc6ef2bd9702d6f7a92d8b5
Reviewed-on: https://dawn-review.googlesource.com/c/dawn/+/95820
Reviewed-by: Corentin Wallez <cwallez@chromium.org>
Reviewed-by: Loko Kung <lokokung@google.com>
Kokoro: Kokoro <noreply+kokoro@google.com>
Commit-Queue: Shrek Shao <shrekshao@google.com>
This commit is contained in:
Shrek Shao 2022-07-08 14:42:24 +00:00 committed by Dawn LUCI CQ
parent 2777cbc441
commit e1d0aa9f92
1 changed files with 1 additions and 1 deletions

View File

@ -55,7 +55,7 @@ class InlineMemoryTransferService : public MemoryTransferService {
deserializePointer == nullptr) { deserializePointer == nullptr) {
return false; return false;
} }
if ((offset >= mDataLength && offset > 0) || size > mDataLength - offset) { if (offset > mDataLength || size > mDataLength - offset) {
return false; return false;
} }
memcpy(static_cast<uint8_t*>(mTargetData) + offset, deserializePointer, size); memcpy(static_cast<uint8_t*>(mTargetData) + offset, deserializePointer, size);