tint: fix undetected overflow in const-eval refract

Bug: oss-fuzz:58526
Change-Id: I59a2e9151036da6aba83c523605664b54002f3dc
Reviewed-on: https://dawn-review.googlesource.com/c/dawn/+/131342
Commit-Queue: Ben Clayton <bclayton@google.com>
Kokoro: Kokoro <noreply+kokoro@google.com>
Reviewed-by: Ben Clayton <bclayton@google.com>
Antonio Maiorano 2023-05-04 08:42:15 +00:00 committed by Dawn LUCI CQ
parent c81bc4521f
commit f789854a94
2 changed files with 9 additions and 1 deletions


@ -3318,7 +3318,7 @@ ConstEval::Result ConstEval::refract(const type::Type* ty,
return utils::Failure;
}
auto e2_scaled = Mul(source, ty, e2_scale.Get(), e2);
if (!e1_scaled) {
if (!e2_scaled) {
return utils::Failure;
}
return Sub(source, ty, e1_scaled.Get(), e2_scaled.Get());
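Review bot: With the guard now testing `e2_scaled`, nothing visible in this hunk checks `e1_scaled` before `e1_scaled.Get()` is read on the return line; the replaced line was the only test of it shown here. If `e1_scaled` is not already checked where it is computed (outside the hunk), the guard should cover both results: `if (!e1_scaled || !e2_scaled) {`. Const-eval runs on shader source that may be untrusted, so reading a failed Result here is the same class of bug the fuzzer just reported. The body of refract starts and ends outside the hunk, so this needs confirming against the full function.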


@ -2288,6 +2288,14 @@ std::vector<Case> RefractCases() {
// Overflow the k^2 operation
E({down_right, pos_y, Val(T::Highest())}, error_msg(T::Highest(), "*", T::Highest())),
});
ConcatIntoIf<std::is_same_v<T, f32>>( //
r, std::vector<Case>{
// Overflow the final multiply by e2 operation
// From https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=58526
E({Vec(T(-2.22218755e-15), T(0)), Vec(T(-198225753253481323832809619456.0), T(0)),
Val(T(40.0313720703125))},
error_msg(T(35267222007971840.0), "*", T(-198225753253481323832809619456.0))),
});
return r;
}
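Review bot: The new regression case is gated by `ConcatIntoIf<std::is_same_v<T, f32>>`, so the `e2_scaled` failure path is only exercised for f32; if RefractCases is instantiated for other float types (not visible in this hunk), that path stays uncovered for them. The left operand `T(35267222007971840.0)` in the expected message is presumably the intermediate scale refract computes for these inputs, which ties the test to the exact f32 rounding of the earlier steps. A comment such as `// 35267222007971840.0 is the e2 scale computed by refract for these inputs` would tell a maintainer where the constant comes from when the test next changes. RefractCases begins outside the hunk.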