Prevent overflow in the variable packer by sanity checking each variable.

BUG=346489 Change-Id: I28f5751580729a4d4d77fa6fdee0b4a6628a05de Reviewed-on: https://chromium-review.googlesource.com/188010Reviewed-by: Jamie Madill <jmadill@chromium.org> Tested-by: Nicolas Capens <nicolascapens@chromium.org> Reviewed-by: Shannon Woods <shannonwoods@chromium.org>

Prevent overflow in the variable packer by sanity checking each variable.
7e7143d7 · Nicolas Capens · df007eac · 7e7143d7
Commit 7e7143d7 authored Feb 26, 2014 by Nicolas Capens
Hide whitespace changes
Inline Side-by-side

Showing with 8 additions and 0 deletions

VariablePacker.cpp src/compiler/translator/VariablePacker.cpp +8 -0

No files found.
--- a/src/compiler/translator/VariablePacker.cpp
+++ b/src/compiler/translator/VariablePacker.cpp
@@ -197,6 +197,14 @@ bool VariablePacker::CheckVariablesWithinPackingLimits(int maxVectors, const TVa
    bottomNonFullRow_ = maxRows_ - 1;
    TVariableInfoList variables(in_variables);
+    // Check whether each variable fits in the available vectors.
+    for (size_t i = 0; i < variables.size(); i++) {
+        const TVariableInfo& variable = variables[i];
+        if (variable.size > maxVectors / GetNumRows(variable.type)) {
+            return false;
+        }
+    }
    // As per GLSL 1.017 Appendix A, Section 7 variables are packed in specific
    // order by type, then by size of array, largest first.
    std::sort(variables.begin(), variables.end(), TVariableInfoComparer());