Fix a NULL dereference on buffer initialization.

In some cases, where the user would create a buffer with NULL (empty) data, we would attempt to dereference NULL when drawing with the buffer as a vertex attribute. BUG=angle:749 Change-Id: Ied5ecbab4608c85890cdf7cc32a8dae46989e33b Reviewed-on: https://chromium-review.googlesource.com/219090Tested-by: Jamie Madill <jmadill@chromium.org> Reviewed-by: Shannon Woods <shannonwoods@chromium.org>

Fix a NULL dereference on buffer initialization.
ee009b8e · Jamie Madill · 2f06dbfb · ee009b8e · ee009b8e · ee009b8e
Commit ee009b8e authored Sep 19, 2014 by Jamie Madill
4 changed files
--- a/src/libGLESv2/renderer/d3d/MemoryBuffer.cpp
+++ b/src/libGLESv2/renderer/d3d/MemoryBuffer.cpp
@@ -5,6 +5,7 @@
 //
 #include "libGLESv2/renderer/d3d/MemoryBuffer.h"
+#include "common/debug.h"
 #include <algorithm>
 #include <cstdlib>
@@ -66,6 +67,7 @@ const uint8_t *MemoryBuffer::data() const
 uint8_t *MemoryBuffer::data()
 {
+    ASSERT(mData);
    return mData;
 }

--- a/src/libGLESv2/renderer/d3d/MemoryBuffer.h
+++ b/src/libGLESv2/renderer/d3d/MemoryBuffer.h
@@ -21,6 +21,7 @@ class MemoryBuffer
    bool resize(size_t size);
    size_t size() const;
+    bool empty() const { return mSize == 0; }
    const uint8_t *data() const;
    uint8_t *data();

--- a/src/libGLESv2/renderer/d3d/d3d11/Buffer11.cpp
+++ b/src/libGLESv2/renderer/d3d/d3d11/Buffer11.cpp
@@ -233,6 +233,17 @@ void *Buffer11::getData()
    mReadUsageCount = 0;
+    // Only happens if we initialized the buffer with no data (NULL)
+    if (mResolvedData.empty())
+    {
+        if (!mResolvedData.resize(mSize))
+        {
+            return gl::error(GL_OUT_OF_MEMORY, (void*)NULL);
+        }
+    }
+    ASSERT(mResolvedData.size() >= mSize);
    return mResolvedData.data();
 }

--- a/tests/angle_tests/BufferDataTest.cpp
+++ b/tests/angle_tests/BufferDataTest.cpp
@@ -114,6 +114,19 @@ TEST_F(BufferDataTest, ZeroNonNULLData)
    delete [] zeroData;
 }
+TEST_F(BufferDataTest, NULLResolvedData)
+{
+    glBindBuffer(GL_ARRAY_BUFFER, mBuffer);
+    glBufferData(GL_ARRAY_BUFFER, 128, NULL, GL_DYNAMIC_DRAW);
+    glUseProgram(mProgram);
+    glVertexAttribPointer(mAttribLocation, 1, GL_FLOAT, GL_FALSE, 4, NULL);
+    glEnableVertexAttribArray(mAttribLocation);
+    glBindBuffer(GL_ARRAY_BUFFER, 0);
+    drawQuad(mProgram, "position", 0.5f);
+}
 TEST_F(BufferDataTest, HugeSetDataShouldNotCrash)
 {
    glBindBuffer(GL_ARRAY_BUFFER, mBuffer);