Commit 4fbb6f43 by Alexis Hetu Committed by Angle LUCI CQ

Vulkan: Fix accessing index buffer with uninitialized memory

This was discovered by Clusterfuzz on MacOS. The issue was that the index buffer of a draw indexed call was missing, causing SwiftShader to access uninitialized memory, leading to the ASAN crash.

The missing index buffer was caused by DIRTY_BIT_INDEX_BUFFER not being set. This was in turn caused by ContextVk::flushDirtyGraphicsRenderPass() not setting dirty bits not included in the dirtyBitMask, despite needing to be set for future processing.

Bug: chromium:1183068
Bug: chromium:1190493
Change-Id: I65b398d8737b3df5fd51a03a2c8074a774a94a81
Reviewed-on: https://chromium-review.googlesource.com/c/angle/angle/+/2961690
Reviewed-by: Shahbaz Youssefi <syoussefi@chromium.org>
Commit-Queue: Shahbaz Youssefi <syoussefi@chromium.org>
parent 8333d061
...@@ -5583,8 +5583,15 @@ angle::Result ContextVk::flushDirtyGraphicsRenderPass(DirtyBits::Iterator *dirty ...@@ -5583,8 +5583,15 @@ angle::Result ContextVk::flushDirtyGraphicsRenderPass(DirtyBits::Iterator *dirty
ANGLE_TRY(flushCommandsAndEndRenderPassImpl()); ANGLE_TRY(flushCommandsAndEndRenderPassImpl());
// Set dirty bits that need processing on new render pass on the dirty bits iterator that's
// being processed right now.
dirtyBitsIterator->setLaterBits(mNewGraphicsCommandBufferDirtyBits & dirtyBitMask); dirtyBitsIterator->setLaterBits(mNewGraphicsCommandBufferDirtyBits & dirtyBitMask);
// Additionally, make sure any dirty bits not included in the mask are left for future
// processing. Note that |dirtyBitMask| is removed from |mNewGraphicsCommandBufferDirtyBits|
// after dirty bits are iterated, so there's no need to mask them out.
mGraphicsDirtyBits |= mNewGraphicsCommandBufferDirtyBits;
// Restart at subpass 0. // Restart at subpass 0.
mGraphicsPipelineDesc->resetSubpass(&mGraphicsPipelineTransition); mGraphicsPipelineDesc->resetSubpass(&mGraphicsPipelineTransition);
......
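Review bot: The comment added above `mGraphicsDirtyBits |= mNewGraphicsCommandBufferDirtyBits;` says |dirtyBitMask| is removed from |mNewGraphicsCommandBufferDirtyBits| after iteration, but the statement writes into mGraphicsDirtyBits and the code that does the removal is not in this hunk, so a reader cannot tell from here which set is cleared or when. Bits inside the mask are now both handed to the iterator through setLaterBits() and OR-ed into mGraphicsDirtyBits, so correctness depends on that later clearing. Please name in the comment the exact member that is cleared and where, or make the intent local by OR-ing in `mNewGraphicsCommandBufferDirtyBits & ~dirtyBitMask`. The change as shown also carries no regression test; a draw-indexed case that goes through this flush with DIRTY_BIT_INDEX_BUFFER outside the mask would pin down the behaviour the commit message describes.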