From ff77ffee1a65f68adeb225aa797f51d3dc33ba00 Mon Sep 17 00:00:00 2001
From: Corentin Wallez <cwallez@chromium.org>
Date: Wed, 8 Apr 2020 12:09:25 +0000
Subject: [PATCH] Fix wgpu::WholeSize to count until the end of the buffer.

Bug: dawn:377
Change-Id: Ia829ec05e5dd6a218b7f1c1bb7bdaf39088bdf70
Reviewed-on: https://dawn-review.googlesource.com/c/dawn/+/18960
Commit-Queue: Corentin Wallez <cwallez@chromium.org>
Reviewed-by: Austin Eng <enga@chromium.org>
Reviewed-by: Kai Ninomiya <kainino@chromium.org>
---
 src/dawn_native/BindGroup.cpp                            | 9 ++++++++-
 .../unittests/validation/BindGroupValidationTests.cpp    | 4 +++-
 2 files changed, 11 insertions(+), 2 deletions(-)

diff --git a/src/dawn_native/BindGroup.cpp b/src/dawn_native/BindGroup.cpp
index 46336981cb..c81a2cca11 100644
--- a/src/dawn_native/BindGroup.cpp
+++ b/src/dawn_native/BindGroup.cpp
@@ -38,7 +38,14 @@ namespace dawn_native {
             DAWN_TRY(device->ValidateObject(binding.buffer));
 
             uint64_t bufferSize = binding.buffer->GetSize();
-            uint64_t bindingSize = (binding.size == wgpu::kWholeSize) ? bufferSize : binding.size;
+
+            // Handle wgpu::WholeSize, avoiding overflows.
+            if (binding.offset > bufferSize) {
+                return DAWN_VALIDATION_ERROR("Buffer binding doesn't fit in the buffer");
+            }
+            uint64_t bindingSize =
+                (binding.size == wgpu::kWholeSize) ? bufferSize - binding.offset : binding.size;
+
             if (bindingSize > bufferSize) {
                 return DAWN_VALIDATION_ERROR("Buffer binding size larger than the buffer");
             }
diff --git a/src/tests/unittests/validation/BindGroupValidationTests.cpp b/src/tests/unittests/validation/BindGroupValidationTests.cpp
index 226e121441..acf4c60b65 100644
--- a/src/tests/unittests/validation/BindGroupValidationTests.cpp
+++ b/src/tests/unittests/validation/BindGroupValidationTests.cpp
@@ -429,6 +429,9 @@ TEST_F(BindGroupValidationTest, BufferBindingOOB) {
     utils::MakeBindGroup(device, layout, {{0, buffer, 0, 1024}});
     utils::MakeBindGroup(device, layout, {{0, buffer, 0, wgpu::kWholeSize}});
 
+    // Success case, whole size causes the rest of the buffer to be used but not beyond.
+    utils::MakeBindGroup(device, layout, {{0, buffer, 256, wgpu::kWholeSize}});
+
     // Error case, offset is OOB
     ASSERT_DEVICE_ERROR(utils::MakeBindGroup(device, layout, {{0, buffer, 256*5, 0}}));
 
@@ -437,7 +440,6 @@ TEST_F(BindGroupValidationTest, BufferBindingOOB) {
 
     // Error case, offset+size is OOB
     ASSERT_DEVICE_ERROR(utils::MakeBindGroup(device, layout, {{0, buffer, 1024, 256}}));
-    ASSERT_DEVICE_ERROR(utils::MakeBindGroup(device, layout, {{0, buffer, 256, wgpu::kWholeSize}}));
 
     // Error case, offset+size overflows to be 0
     ASSERT_DEVICE_ERROR(utils::MakeBindGroup(device, layout, {{0, buffer, 256, uint32_t(0) - uint32_t(256)}}));