encounter/dawn-cmake
1
0
Fork 0
mirror of https://github.com/encounter/dawn-cmake.git synced 2025-07-15 17:45:58 +00:00
Code Issues Packages Projects Releases Wiki Activity
dawn-cmake/test/tint/bug/chromium/1383755.wgsl.expected.msl
Ben Clayton c33d10ae79 tint/resolver: Fix bad pointer deref (UAF) 
Passing a dereferenced value from Hashmap::Find() directly into Hashmap::Add() is a potential cause of UAF, as the insertion may reallocate the map, invalidating the input reference.

I'll try to think of ways to make this foot-gun harder to do, but this CL fixes the immediate bug found by fuzzers.

Bug: chromium:1383755
Change-Id: I4f8b2fcb0745b008a47ef9947c330afb9ac4e78f
Reviewed-on: https://dawn-review.googlesource.com/c/dawn/+/110020
Kokoro: Kokoro <noreply+kokoro@google.com>
Reviewed-by: James Price <jrprice@google.com>
Commit-Queue: Ben Clayton <bclayton@google.com>
2022-11-13 18:26:25 +00:00

52 lines
1.6 KiB
Plaintext
Raw Blame History

#include <metal_stdlib>
using namespace metal;
template<typename T, size_t N>
struct tint_array {
const constant T& operator[](size_t i) const constant { return elements[i]; }
device T& operator[](size_t i) device { return elements[i]; }
const device T& operator[](size_t i) const device { return elements[i]; }
thread T& operator[](size_t i) thread { return elements[i]; }
const thread T& operator[](size_t i) const thread { return elements[i]; }
threadgroup T& operator[](size_t i) threadgroup { return elements[i]; }
const threadgroup T& operator[](size_t i) const threadgroup { return elements[i]; }
T elements[N];
};
struct TestDatabuMltin {
tint_array<atomic_int, 9> functionatxa4;
tint_array<atomic_int, 32772> data;
tint_array<atomic_int, 4> a;
tint_array<atomic_int, 1> dzet4rnaumtax2at;
};
struct Tc65535tDtint_symbol_7ata {
tint_array<atomic_int, 72365> dtma1atxa4;
tint_array<atomic_int, 2> hata;
tint_array<atomic_int, 3> a;
tint_array<atomic_int, 35526> returnma3tatxa92233720368547R758p8;
};
struct TzVfat0x32769tDvar {
tint_array<atomic_int, 39611> dmat2axat2;
};
struct TestDauiltin {
tint_array<atomic_int, 9> dmat2a2axt;
tint_array<atomic_int, 32742> data;
tint_array<atomic_int, 4> a;
};
struct Teec65538tDtint_sybom_l7ata {
tint_array<atomic_int, 32768> dmat1atxainverseSqrt4;
tint_array<atomic_int, 2> hata;
tint_array<atomic_int, 5> a;
tint_array<atomic_int, 1> dreturnmc4tax2at;
};
struct TzfVatt0x0UDatasmvec65535tDtinvec4matomicMaxbol_fVatt0atomicMin3D9t672var {
tint_array<atomic_int, 39711> dmat2axat1;
};
Reference in New Issue View Git Blame Copy Permalink