BufferConsumer wraps a buffer pointer and size and exposes a
limited number of operations to get data while decrementing
the remaining available size. This makes it so that code
reading or writing into a buffer cannot easily consume more
bytes than available.

This CL guards against serialization overflows using
BufferConsumer, and it implements GetPtrFromBuffer
(for deserialization) on top of BufferConsumer. A future patch
will make the rest of the deserialization code use BufferConsumer.

Bug: dawn:680
Change-Id: Ic2bd6e7039e83ce70307c2ff47aaca9891c16d91
Reviewed-on: https://dawn-review.googlesource.com/c/dawn/+/41780
Commit-Queue: Austin Eng <enga@chromium.org>
Reviewed-by: Stephen White <senorblanco@chromium.org>
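
A sketch of the pattern the commit message above describes, as an added example that is not Dawn's BufferConsumer or any code from the Dawn tree. The class name, its methods, and the count-prefixed payload format are hypothetical, constructed for the demonstration.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstring>
#include <limits>

// Hypothetical consumer: not Dawn's BufferConsumer, only the same idea.
class BoundedConsumer {
  public:
    BoundedConsumer(const uint8_t* buffer, size_t size) : mCur(buffer), mLeft(size) {}
    size_t AvailableSize() const { return mLeft; }

    // Hands out `count` elements of T, or nullptr if they do not fit.
    // The multiplication is checked first so a huge count cannot wrap around.
    template <typename T>
    const uint8_t* NextN(size_t count) {
        if (count > std::numeric_limits<size_t>::max() / sizeof(T)) return nullptr;
        size_t bytes = count * sizeof(T);
        if (bytes > mLeft) return nullptr;  // would read past the end
        const uint8_t* out = mCur;
        mCur += bytes;
        mLeft -= bytes;
        return out;
    }

  private:
    const uint8_t* mCur;
    size_t mLeft;
};

// Constructed format for the demo: u32 element count, then that many u32 values.
// Returns true and the sum on success, false if the header overstates the payload.
bool SumPayload(const uint8_t* data, size_t size, uint64_t* sum) {
    BoundedConsumer consumer(data, size);
    const uint8_t* header = consumer.NextN<uint32_t>(1);
    if (header == nullptr) return false;
    uint32_t count;
    std::memcpy(&count, header, sizeof(count));  // memcpy avoids unaligned reads

    const uint8_t* values = consumer.NextN<uint32_t>(count);
    if (values == nullptr) return false;
    *sum = 0;
    for (uint32_t i = 0; i < count; ++i) {
        uint32_t v;
        std::memcpy(&v, values + i * sizeof(v), sizeof(v));
        *sum += v;
    }
    return true;
}
```

Because every read goes through `NextN`, an attacker-controlled count is rejected before any element is touched, and a failed request leaves the remaining size unchanged.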

It's come up multiple times that ASAN doesn't support
std::nothrow which leads to OOM bugs filed by the fuzzers.
Use a common helper to avoid this and return nullptr for large
allocations when ASAN is enabled.

Bug: none
Change-Id: I492b4ff4e498cf82d4ca08ba849671d3d16b9cfb
Reviewed-on: https://dawn-review.googlesource.com/c/dawn/+/36280
Reviewed-by: Jiawei Shao <jiawei.shao@intel.com>
Reviewed-by: Corentin Wallez <cwallez@chromium.org>
Commit-Queue: Austin Eng <enga@chromium.org>

Fix build breakage in libstdc++:
../../third_party/dawn/src/dawn_wire/ChunkedCommandSerializer.h:84:34: error: ‘unique_ptr’ is not a member of ‘std’
84 | auto cmdSpace = std::unique_ptr<char[]>(new (std::nothrow) char[requiredSize]);
| ^~~~~~~~~~
../../third_party/dawn/src/dawn_wire/ChunkedCommandSerializer.h:24:1: note: ‘std::unique_ptr’ is defined in header ‘<memory>’; did you forget to ‘#include <memory>’?

Bug: chromium:957519
Change-Id: I35b129225882a3f9b758c4f49d1a3cace22aacfe
Reviewed-on: https://dawn-review.googlesource.com/c/dawn/+/30600
Commit-Queue: Kai Ninomiya <kainino@chromium.org>
Reviewed-by: Kai Ninomiya <kainino@chromium.org>

This CL adds support for chunking large commands by first serializing
large commands into a separate buffer, and then sending the
buffer data chunk by chunk.

This code path is used for large writeBuffer and writeTexture, as well
as the inline memory transfer service for buffer mapping. The transfer
for writeBuffer and writeTexture will be optimized further in Chrome,
and the inline memory transfer service is currently used only in tests.

Bug: chromium:1123861, chromium:951558
Change-Id: I02491a44e653e2383174958d9c3d4a4db6fd7bde
Reviewed-on: https://dawn-review.googlesource.com/c/dawn/+/28882
Commit-Queue: Austin Eng <enga@chromium.org>
Reviewed-by: Stephen White <senorblanco@chromium.org>