encounter
/
dawn-cmake
mirror of https://github.com/encounter/dawn-cmake.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

DawnWireAndFrontendFuzzer: skip SwapChainBuilderSetImplementation 

SetImplementation takes a pointer and would be shimmed by browsers so we
skip the call in the fuzzer, otherwise we'd dereference arbitrary
pointers.

BUG=chromium:906391

Change-Id: I61d8d729d3fb242e8ddf7452a88a653e05a82cc2
Reviewed-on: https://dawn-review.googlesource.com/c/2562
Reviewed-by: Dan Sinclair <dsinclair@google.com>
Reviewed-by: Kai Ninomiya <kainino@chromium.org>
Commit-Queue: Corentin Wallez <cwallez@chromium.org>
This commit is contained in:
Corentin Wallez 2018-11-20 09:30:15 +00:00 committed by Commit Bot service account
parent c1bb72c5d2
commit ece004fd69
1 changed files with 6 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
src/fuzzers/DawnWireServerAndFrontendFuzzer.cpp
View File

@ -35,8 +35,14 @@ class DevNull : public dawn_wire::CommandSerializer {
std::vector<char> buf; std::vector<char> buf;
}; };
void SkipSwapChainBuilderSetImplementation(dawnSwapChainBuilder builder, uint64_t) {
}
extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) { extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
dawnProcTable procs = dawn_native::GetProcs(); dawnProcTable procs = dawn_native::GetProcs();
// SwapChainSetImplementation receives a pointer, skip calls to it as they would be intercepted
// in embedders or dawn_wire too.
procs.swapChainBuilderSetImplementation = SkipSwapChainBuilderSetImplementation;
dawnSetProcs(&procs); dawnSetProcs(&procs);
dawn::Device nullDevice = dawn::Device::Acquire(dawn_native::null::CreateDevice()); dawn::Device nullDevice = dawn::Device::Acquire(dawn_native::null::CreateDevice());