From 18638b4cdbc098d0fba0d975c7e35a0810df0760 Mon Sep 17 00:00:00 2001
From: Gert Wollny
Date: Wed, 15 Jan 2020 13:40:21 +0100
Subject: [PATCH] test: Add fuzzer test to check illegal CS shader execution Test whether submitting command 0x25 (CS shader execution) without submitting a CS shader before is handled well. Related #155
Signed-off-by: Gert Wollny
Reviewed-by: Gurchetan Singh
---
 tests/test_fuzzer_formats.c | 37 +++++++++++++++++++++++++++++++++++++
 1 file changed, 37 insertions(+)
diff --git a/tests/test_fuzzer_formats.c b/tests/test_fuzzer_formats.c
index ad80b42..a19e603 100644
--- a/tests/test_fuzzer_formats.c
+++ b/tests/test_fuzzer_formats.c
@@ -676,6 +676,41 @@ static void test_heap_overflow_vrend_renderer_transfer_write_iov_compressed_tex(
 virgl_renderer_submit_cmd((void *) cmd, ctx_id, 11 + 4 + 1);
 }
+
+static void test_cs_nullpointer_deference()
+{
+
+ struct virgl_renderer_resource_create_args args;
+ args.handle = 0x6e735f72;
+ args.target = 2;
+ args.format = 0x101;
+ args.bind = 0x19191919;
+ args.width = 0x19191919;
+ args.height = 0x19191919;
+ args.depth = 0x411959;
+ args.array_size = 0;
+ args.last_level = 0x19190000;
+ args.nr_samples = 0;
+ args.flags = 0x31313100;
+
+ virgl_renderer_resource_create(&args, NULL, 0);
+ virgl_renderer_ctx_attach_resource(ctx_id, args.handle);
+
+ uint32_t cmd[9];
+ int i = 0;
+ cmd[i++] = 0x0083925;
+ cmd[i++] = 0x00313131;
+ cmd[i++] = 0;
+ cmd[i++] = 0;
+ cmd[i++] = 0;
+ cmd[i++] = 0x25313131;
+ cmd[i++] = 0x39;
+ cmd[i++] = 0x0001370b;
+ cmd[i++] = 0x00340000;
+
+ virgl_renderer_submit_cmd((void *) cmd, ctx_id, 9);
+}
+
 int main()
 {
 initialize_environment();
@@ -695,6 +730,8 @@ int main()
 test_heap_overflow_vrend_renderer_transfer_write_iov();
 test_heap_overflow_vrend_renderer_transfer_write_iov_compressed_tex();
+ test_cs_nullpointer_deference();
+
 virgl_renderer_context_destroy(ctx_id);
 virgl_renderer_cleanup(&cookie);
 virgl_egl_destroy(test_egl);
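Review bot: Nothing in `test_cs_nullpointer_deference` shows that the input still reaches the compute-launch path, because the results of `virgl_renderer_resource_create` and `virgl_renderer_submit_cmd` are discarded. The test therefore passes just as well if the resource (width and height `0x19191919`) or the command buffer is rejected earlier for an unrelated reason, and it can only ever detect a crash. Consider recording both return codes and adding a comment above `cmd[0]` such as `/* header 0x00083925: command 0x25 in the low byte, payload length 8 dwords in the high 16 bits; no CS shader was submitted */`. That field layout is my reading of the value and should be confirmed against the protocol header. Minor: declare it as `static void test_cs_nullpointer_dereference(void)` (spelling, and `()` is not a prototype in C) and update the call in the `main` hunk to match.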