dawn-cmake/generator/templates/dawn
Austin Eng ba68620f6f Do not memcpy transparent wire structs on serialization
This removes a serialization optimization where structs could be
memcpy'ed. memcpy is still used for deserialization of structs.

Structs may contain padding bytes which when copied can leak
uninitialized data across a trusted boundary. In Chrome, this
means previously-written or uninitialized bytes in the GPU process
could leak into the Renderer process.

In the future, we may be able to bring this back by introducing
a concept of safe-to-memcpy structs, or by forking the code so
that Renderer->GPU process uses the unsafe memcpy, and
GPU->Renderer uses the safe member-by-member version.

An alternative might be to ensure that everything returned from
the WebGPU API has initialized padding, but this invariant is not
trivial to guarantee.

Fixed: chromium:1359098
Change-Id: I91151251d1ab999e0f5552e1efccc472e451cc10
Reviewed-on: https://dawn-review.googlesource.com/c/dawn/+/102461
Reviewed-by: Brandon Jones <bajones@chromium.org>
Reviewed-by: Corentin Wallez <cwallez@chromium.org>
Kokoro: Kokoro <noreply+kokoro@google.com>
Commit-Queue: Austin Eng <enga@chromium.org>
2022-09-16 14:14:08 +00:00
..
common Make adapter info device matching more flexible 2022-08-02 22:14:35 +00:00
native Declare nextInChain as ChainedStructOut when extensible is out 2022-09-10 01:38:59 +00:00
wire Do not memcpy transparent wire structs on serialization 2022-09-16 14:14:08 +00:00
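
The padding leak described in the commit message above, shown as an added example that is not code from Dawn or from the commit: a whole-struct `memcpy` carries padding bytes into the output buffer, while member-by-member serialization does not. `WireRecord`, the `0xAA` stale-memory marker, the field values and all function names are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical wire struct, not a Dawn type. Typical ABIs pad after `kind`
 * (to align `size`) and after `flags` (to round up the struct size). */
typedef struct { uint8_t kind; uint32_t size; uint16_t flags; } WireRecord;
#define STALE 0xAA /* constructed marker for bytes left over in sender memory */

/* Fill storage with stale bytes, then write only the members, so the padding
 * bytes keep the stale contents. Field values are constructed, none is 0xAA. */
static void make_record(unsigned char *storage) {
    WireRecord r = { 7, 0x01020304u, 0x0506 };
    memset(storage, STALE, sizeof(WireRecord));
    memcpy(storage + offsetof(WireRecord, kind), &r.kind, sizeof r.kind);
    memcpy(storage + offsetof(WireRecord, size), &r.size, sizeof r.size);
    memcpy(storage + offsetof(WireRecord, flags), &r.flags, sizeof r.flags);
}

/* Whole-struct copy: padding crosses the boundary along with the members. */
static size_t serialize_memcpy(unsigned char *out, const unsigned char *storage) {
    memcpy(out, storage, sizeof(WireRecord));
    return sizeof(WireRecord);
}

/* Member-by-member copy: only declared fields reach the output buffer. */
static size_t serialize_members(unsigned char *out, const unsigned char *storage) {
    WireRecord r;
    size_t n = 0;
    memcpy(&r, storage, sizeof r);
    memcpy(out + n, &r.kind, sizeof r.kind);   n += sizeof r.kind;
    memcpy(out + n, &r.size, sizeof r.size);   n += sizeof r.size;
    memcpy(out + n, &r.flags, sizeof r.flags); n += sizeof r.flags;
    return n;
}

/* Count stale marker bytes in the output of either strategy. */
size_t leaked_bytes(int member_wise) {
    unsigned char storage[sizeof(WireRecord)], out[sizeof(WireRecord)];
    size_t len, i, stale = 0;
    make_record(storage);
    len = member_wise ? serialize_members(out, storage) : serialize_memcpy(out, storage);
    for (i = 0; i < len; i++) stale += (out[i] == STALE);
    return stale;
}
int main(void) {
    printf("memcpy: %zu stale bytes, member-wise: %zu\n", leaked_bytes(0), leaked_bytes(1));
    return 0;
}
```

The members are written through `offsetof` so that the padding contents are fully determined; with ordinary member assignment the C standard leaves padding bytes unspecified, which is why the invariant mentioned in the commit message is hard to guarantee.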