test: Add fuzzer test to check illegal CS shader execution

Test whether submitting command 0x25 (CS shader execution) without submitting a CS shader before is handled well. Related #155 Signed-off-by: Gert Wollny <gert.wollny@collabora.com> Reviewed-by: Gurchetan Singh <gurchetansingh@chromium.org>
5 years ago · 18638b4cdb
parent 522b610a82
commit 18638b4cdb
1 changed files with 37 additions and 0 deletions
--- a/tests/test_fuzzer_formats.c
+++ b/tests/test_fuzzer_formats.c
@ -676,6 +676,41 @@ static void test_heap_overflow_vrend_renderer_transfer_write_iov_compressed_tex(
   virgl_renderer_submit_cmd((void *) cmd, ctx_id, 11 + 4 + 1);
 }

+
+static void test_cs_nullpointer_deference()
+{
+
+   struct virgl_renderer_resource_create_args args;
+   args.handle = 0x6e735f72;
+   args.target = 2;
+   args.format = 0x101;
+   args.bind = 0x19191919;
+   args.width = 0x19191919;
+   args.height = 0x19191919;
+   args.depth = 0x411959;
+   args.array_size = 0;
+   args.last_level = 0x19190000;
+   args.nr_samples = 0;
+   args.flags = 0x31313100;
+
+   virgl_renderer_resource_create(&args, NULL, 0);
+   virgl_renderer_ctx_attach_resource(ctx_id, args.handle);
+
+   uint32_t cmd[9];
+   int i = 0;
+   cmd[i++] = 0x0083925;
+   cmd[i++] = 0x00313131;
+   cmd[i++] = 0;
+   cmd[i++] = 0;
+   cmd[i++] = 0;
+   cmd[i++] = 0x25313131;
+   cmd[i++] = 0x39;
+   cmd[i++] = 0x0001370b;
+   cmd[i++] = 0x00340000;
+
+  virgl_renderer_submit_cmd((void *) cmd, ctx_id, 9);
+}
+
 int main()
 {
   initialize_environment();
@ -695,6 +730,8 @@ int main()
   test_heap_overflow_vrend_renderer_transfer_write_iov();
   test_heap_overflow_vrend_renderer_transfer_write_iov_compressed_tex();

+   test_cs_nullpointer_deference();
+
   virgl_renderer_context_destroy(ctx_id);
   virgl_renderer_cleanup(&cookie);
   virgl_egl_destroy(test_egl);