vkr: fix some null dereferences

We could also let the decoder check for them, because vk.xml has an
"optional" attribute that specifies whether a pointer can be
NULL or not.  For now, do it manually.

Signed-off-by: Chia-I Wu <olvaffe@gmail.com>
Reviewed-by: Yiwei Zhang <zzyiwei@chromium.org>
Chia-I Wu 3 years ago
parent 0ee70e92a5
commit 44448cf75c
  1. 47
      src/vkr_renderer.c

@ -449,6 +449,11 @@ vkr_dispatch_vkSetReplyCommandStreamMESA(
struct vkr_context *ctx = dispatch->data; struct vkr_context *ctx = dispatch->data;
struct vkr_resource_attachment *att; struct vkr_resource_attachment *att;
if (!args->pStream) {
vkr_cs_decoder_set_fatal(&ctx->decoder);
return;
}
att = util_hash_table_get(ctx->resource_table, att = util_hash_table_get(ctx->resource_table,
uintptr_to_pointer(args->pStream->resourceId)); uintptr_to_pointer(args->pStream->resourceId));
if (!att) { if (!att) {
@ -528,6 +533,11 @@ vkr_dispatch_vkExecuteCommandStreamsMESA(
{ {
struct vkr_context *ctx = dispatch->data; struct vkr_context *ctx = dispatch->data;
if (!args->streamCount || !args->pStreams) {
vkr_cs_decoder_set_fatal(&ctx->decoder);
return;
}
/* note that nested vkExecuteCommandStreamsMESA is not allowed */ /* note that nested vkExecuteCommandStreamsMESA is not allowed */
if (!vkr_cs_decoder_push_state(&ctx->decoder)) { if (!vkr_cs_decoder_push_state(&ctx->decoder)) {
vkr_cs_decoder_set_fatal(&ctx->decoder); vkr_cs_decoder_set_fatal(&ctx->decoder);
@ -587,6 +597,11 @@ vkr_dispatch_vkCreateRingMESA(struct vn_dispatch_context *dispatch,
size_t size; size_t size;
struct vkr_ring *ring; struct vkr_ring *ring;
if (!info) {
vkr_cs_decoder_set_fatal(&ctx->decoder);
return;
}
att = util_hash_table_get(ctx->resource_table, uintptr_to_pointer(info->resourceId)); att = util_hash_table_get(ctx->resource_table, uintptr_to_pointer(info->resourceId));
if (!att) { if (!att) {
vkr_cs_decoder_set_fatal(&ctx->decoder); vkr_cs_decoder_set_fatal(&ctx->decoder);
@ -694,18 +709,27 @@ vkr_dispatch_vkWriteRingExtraMESA(struct vn_dispatch_context *dispatch,
} }
static void static void
vkr_dispatch_vkEnumerateInstanceVersion(UNUSED struct vn_dispatch_context *dispatch, vkr_dispatch_vkEnumerateInstanceVersion(struct vn_dispatch_context *dispatch,
struct vn_command_vkEnumerateInstanceVersion *args) struct vn_command_vkEnumerateInstanceVersion *args)
{ {
struct vkr_context *ctx = dispatch->data;
if (!args->pApiVersion) {
vkr_cs_decoder_set_fatal(&ctx->decoder);
return;
}
vn_replace_vkEnumerateInstanceVersion_args_handle(args); vn_replace_vkEnumerateInstanceVersion_args_handle(args);
args->ret = vkEnumerateInstanceVersion(args->pApiVersion); args->ret = vkEnumerateInstanceVersion(args->pApiVersion);
} }
static void static void
vkr_dispatch_vkEnumerateInstanceExtensionProperties( vkr_dispatch_vkEnumerateInstanceExtensionProperties(
UNUSED struct vn_dispatch_context *dispatch, struct vn_dispatch_context *dispatch,
struct vn_command_vkEnumerateInstanceExtensionProperties *args) struct vn_command_vkEnumerateInstanceExtensionProperties *args)
{ {
struct vkr_context *ctx = dispatch->data;
VkExtensionProperties private_extensions[] = { VkExtensionProperties private_extensions[] = {
{ {
.extensionName = "VK_EXT_command_serialization", .extensionName = "VK_EXT_command_serialization",
@ -715,6 +739,11 @@ vkr_dispatch_vkEnumerateInstanceExtensionProperties(
}, },
}; };
if (!args->pPropertyCount) {
vkr_cs_decoder_set_fatal(&ctx->decoder);
return;
}
if (!args->pProperties) { if (!args->pProperties) {
*args->pPropertyCount = ARRAY_SIZE(private_extensions); *args->pPropertyCount = ARRAY_SIZE(private_extensions);
args->ret = VK_SUCCESS; args->ret = VK_SUCCESS;
@ -766,6 +795,11 @@ vkr_dispatch_vkCreateInstance(struct vn_dispatch_context *dispatch,
return; return;
} }
if (!args->pCreateInfo) {
vkr_cs_decoder_set_fatal(&ctx->decoder);
return;
}
if (args->pCreateInfo->enabledLayerCount) { if (args->pCreateInfo->enabledLayerCount) {
args->ret = VK_ERROR_LAYER_NOT_PRESENT; args->ret = VK_ERROR_LAYER_NOT_PRESENT;
return; return;
@ -4012,9 +4046,16 @@ vkr_dispatch_vkGetMemoryResourcePropertiesMESA(
static void static void
vkr_dispatch_vkGetVenusExperimentalFeatureData100000MESA( vkr_dispatch_vkGetVenusExperimentalFeatureData100000MESA(
UNUSED struct vn_dispatch_context *dispatch, struct vn_dispatch_context *dispatch,
struct vn_command_vkGetVenusExperimentalFeatureData100000MESA *args) struct vn_command_vkGetVenusExperimentalFeatureData100000MESA *args)
{ {
struct vkr_context *ctx = dispatch->data;
if (!args->pDataSize) {
vkr_cs_decoder_set_fatal(&ctx->decoder);
return;
}
const VkVenusExperimentalFeatures100000MESA features = { const VkVenusExperimentalFeatures100000MESA features = {
.memoryResourceAllocationSize = VK_TRUE, .memoryResourceAllocationSize = VK_TRUE,
}; };
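Review bot: In vkr_dispatch_vkExecuteCommandStreamsMESA the new guard `if (!args->streamCount || !args->pStreams)` makes an empty stream list fatal together with the NULL pointer, and nothing in the hunk says why. A zero count is not a null dereference, so a reader cannot tell whether rejecting it is a deliberate protocol rule or a side effect of the combined test. A comment such as `/* pStreams comes from the decoded command stream and may be NULL; an empty list is rejected as malformed too */` would record the intent. The same one-line rationale would help at the other five guards, since `vkr_cs_decoder_set_fatal` appears to stop decoding for the whole context rather than report a VkResult through `args->ret`. The function bodies continue outside the hunks, so it is not visible here whether the remaining pointers in these args, for example the individual entries of `pStreams`, are validated further down.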
