dawn-cmake/test/tint/bug
Ben Clayton c33d10ae79 tint/resolver: Fix bad pointer deref (UAF)
Passing a dereferenced value from Hashmap::Find() directly into Hashmap::Add() is a potential cause of UAF, as the insertion may reallocate the map, invalidating the input reference.

I'll try to think of ways to make this foot-gun harder to do, but this CL fixes the immediate bug found by fuzzers.

Bug: chromium:1383755
Change-Id: I4f8b2fcb0745b008a47ef9947c330afb9ac4e78f
Reviewed-on: https://dawn-review.googlesource.com/c/dawn/+/110020
Kokoro: Kokoro <noreply+kokoro@google.com>
Reviewed-by: James Price <jrprice@google.com>
Commit-Queue: Ben Clayton <bclayton@google.com>
2022-11-13 18:26:25 +00:00
chromium tint/resolver: Fix bad pointer deref (UAF) 2022-11-13 18:26:25 +00:00
dawn tint: Use "demote-to-helper" semantics for discard 2022-11-09 19:58:59 +00:00
fxc Tint/transform: make AddBlockAttribute always do wrapping if possible 2022-11-02 02:25:38 +00:00
tint tint/transform: Implement div / mod polyfill 2022-11-09 22:04:11 +00:00