From ece004fd69e1a5584032de048372b102f5965519 Mon Sep 17 00:00:00 2001
From: Corentin Wallez <cwallez@chromium.org>
Date: Tue, 20 Nov 2018 09:30:15 +0000
Subject: [PATCH] DawnWireAndFrontendFuzzer: skip
 SwapChainBuilderSetImplementation

SetImplementation takes a pointer and would be shimmed by browsers so we
skip the call in the fuzzer, otherwise we'd dereference arbitrary
pointers.

BUG=chromium:906391

Change-Id: I61d8d729d3fb242e8ddf7452a88a653e05a82cc2
Reviewed-on: https://dawn-review.googlesource.com/c/2562
Reviewed-by: Dan Sinclair <dsinclair@google.com>
Reviewed-by: Kai Ninomiya <kainino@chromium.org>
Commit-Queue: Corentin Wallez <cwallez@chromium.org>
---
 src/fuzzers/DawnWireServerAndFrontendFuzzer.cpp | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/src/fuzzers/DawnWireServerAndFrontendFuzzer.cpp b/src/fuzzers/DawnWireServerAndFrontendFuzzer.cpp
index 7a993df1d0..f677892152 100644
--- a/src/fuzzers/DawnWireServerAndFrontendFuzzer.cpp
+++ b/src/fuzzers/DawnWireServerAndFrontendFuzzer.cpp
@@ -35,8 +35,14 @@ class DevNull : public dawn_wire::CommandSerializer {
     std::vector<char> buf;
 };
 
+void SkipSwapChainBuilderSetImplementation(dawnSwapChainBuilder builder, uint64_t) {
+}
+
 extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
     dawnProcTable procs = dawn_native::GetProcs();
+    // SwapChainSetImplementation receives a pointer, skip calls to it as they would be intercepted
+    // in embedders or dawn_wire too.
+    procs.swapChainBuilderSetImplementation = SkipSwapChainBuilderSetImplementation;
     dawnSetProcs(&procs);
 
     dawn::Device nullDevice = dawn::Device::Acquire(dawn_native::null::CreateDevice());