Skip to content

Commit

Permalink
Prevent a few integer overflows (gfx-rs#5042)
Browse files Browse the repository at this point in the history
* Prevent a few integer overflows

* Add a changelog entry

* use u64
  • Loading branch information
nical authored Jan 12, 2024
1 parent 4fd4a71 commit 11c29c8
Show file tree
Hide file tree
Showing 4 changed files with 33 additions and 29 deletions.
1 change: 1 addition & 0 deletions CHANGELOG.md
Original file line number Diff line number Diff line change
Expand Up @@ -189,6 +189,7 @@ Passing an owned value `window` to `Surface` will return a `Surface<'static>`. S
- `BufferMappedRange` trait is now `WasmNotSendSync`, i.e. it is `Send`/`Sync` if not on wasm or `fragile-send-sync-non-atomic-wasm` is enabled. By @wumpf in [#4818](https://github.com/gfx-rs/wgpu/pull/4818)
- Align `wgpu_types::CompositeAlphaMode` serde serialization to spec. By @littledivy in [#4940](https://github.com/gfx-rs/wgpu/pull/4940)
- Fix error message of `ConfigureSurfaceError::TooLarge`. By @Dinnerbone in [#4960](https://github.com/gfx-rs/wgpu/pull/4960)
- Fixed a number of panics. by @nical in [#4999](https://github.com/gfx-rs/wgpu/pull/4999), [#5014](https://github.com/gfx-rs/wgpu/pull/5014), [#5024](https://github.com/gfx-rs/wgpu/pull/5024), [#5025](https://github.com/gfx-rs/wgpu/pull/5025), [#5026](https://github.com/gfx-rs/wgpu/pull/5026), [#5027](https://github.com/gfx-rs/wgpu/pull/5027), [#5028](https://github.com/gfx-rs/wgpu/pull/5028) and [#5042](https://github.com/gfx-rs/wgpu/pull/5042).

#### DX12

Expand Down
23 changes: 12 additions & 11 deletions wgpu-core/src/command/bundle.rs
Original file line number Diff line number Diff line change
Expand Up @@ -496,7 +496,7 @@ impl RenderBundleEncoder {
let pipeline = state.pipeline(scope)?;
let used_bind_groups = pipeline.used_bind_groups;
let vertex_limits = state.vertex_limits(pipeline);
let last_vertex = first_vertex + vertex_count;
let last_vertex = first_vertex as u64 + vertex_count as u64;
if last_vertex > vertex_limits.vertex_limit {
return Err(DrawError::VertexBeyondLimit {
last_vertex,
Expand All @@ -505,7 +505,7 @@ impl RenderBundleEncoder {
})
.map_pass_err(scope);
}
let last_instance = first_instance + instance_count;
let last_instance = first_instance as u64 + instance_count as u64;
if last_instance > vertex_limits.instance_limit {
return Err(DrawError::InstanceBeyondLimit {
last_instance,
Expand Down Expand Up @@ -539,15 +539,15 @@ impl RenderBundleEncoder {
//TODO: validate that base_vertex + max_index() is within the provided range
let vertex_limits = state.vertex_limits(pipeline);
let index_limit = index.limit();
let last_index = first_index + index_count;
let last_index = first_index as u64 + index_count as u64;
if last_index > index_limit {
return Err(DrawError::IndexBeyondLimit {
last_index,
index_limit,
})
.map_pass_err(scope);
}
let last_instance = first_instance + instance_count;
let last_instance = first_instance as u64 + instance_count as u64;
if last_instance > vertex_limits.instance_limit {
return Err(DrawError::InstanceBeyondLimit {
last_instance,
Expand Down Expand Up @@ -1038,12 +1038,13 @@ impl IndexState {
/// Return the number of entries in the current index buffer.
///
/// Panic if no index buffer has been set.
fn limit(&self) -> u32 {
fn limit(&self) -> u64 {
let bytes_per_index = match self.format {
wgt::IndexFormat::Uint16 => 2,
wgt::IndexFormat::Uint32 => 4,
};
((self.range.end - self.range.start) / bytes_per_index) as u32

(self.range.end - self.range.start) / bytes_per_index
}

/// Generate a `SetIndexBuffer` command to prepare for an indexed draw
Expand Down Expand Up @@ -1127,11 +1128,11 @@ struct BindState<A: HalApi> {
#[derive(Debug)]
struct VertexLimitState {
/// Length of the shortest vertex rate vertex buffer
vertex_limit: u32,
vertex_limit: u64,
/// Buffer slot which the shortest vertex rate vertex buffer is bound to
vertex_limit_slot: u32,
/// Length of the shortest instance rate vertex buffer
instance_limit: u32,
instance_limit: u64,
/// Buffer slot which the shortest instance rate vertex buffer is bound to
instance_limit_slot: u32,
}
Expand Down Expand Up @@ -1230,14 +1231,14 @@ struct State<A: HalApi> {
impl<A: HalApi> State<A> {
fn vertex_limits(&self, pipeline: &PipelineState<A>) -> VertexLimitState {
let mut vert_state = VertexLimitState {
vertex_limit: u32::MAX,
vertex_limit: u32::MAX as u64,
vertex_limit_slot: 0,
instance_limit: u32::MAX,
instance_limit: u32::MAX as u64,
instance_limit_slot: 0,
};
for (idx, (vbs, step)) in self.vertex.iter().zip(&pipeline.steps).enumerate() {
if let Some(ref vbs) = *vbs {
let limit = ((vbs.range.end - vbs.range.start) / step.stride) as u32;
let limit = (vbs.range.end - vbs.range.start) / step.stride;
match step.mode {
wgt::VertexStepMode::Vertex => {
if limit < vert_state.vertex_limit {
Expand Down
10 changes: 5 additions & 5 deletions wgpu-core/src/command/draw.rs
Original file line number Diff line number Diff line change
Expand Up @@ -29,18 +29,18 @@ pub enum DrawError {
IncompatibleBindGroup { index: u32, diff: Vec<String> },
#[error("Vertex {last_vertex} extends beyond limit {vertex_limit} imposed by the buffer in slot {slot}. Did you bind the correct `Vertex` step-rate vertex buffer?")]
VertexBeyondLimit {
last_vertex: u32,
vertex_limit: u32,
last_vertex: u64,
vertex_limit: u64,
slot: u32,
},
#[error("Instance {last_instance} extends beyond limit {instance_limit} imposed by the buffer in slot {slot}. Did you bind the correct `Instance` step-rate vertex buffer?")]
InstanceBeyondLimit {
last_instance: u32,
instance_limit: u32,
last_instance: u64,
instance_limit: u64,
slot: u32,
},
#[error("Index {last_index} extends beyond limit {index_limit}. Did you bind the correct index buffer?")]
IndexBeyondLimit { last_index: u32, index_limit: u32 },
IndexBeyondLimit { last_index: u64, index_limit: u64 },
#[error(
"Pipeline index format ({pipeline:?}) and buffer index format ({buffer:?}) do not match"
)]
Expand Down
28 changes: 15 additions & 13 deletions wgpu-core/src/command/render.rs
Original file line number Diff line number Diff line change
Expand Up @@ -321,7 +321,7 @@ struct IndexState {
bound_buffer_view: Option<(id::BufferId, Range<BufferAddress>)>,
format: Option<IndexFormat>,
pipeline_format: Option<IndexFormat>,
limit: u32,
limit: u64,
}

impl IndexState {
Expand All @@ -335,7 +335,8 @@ impl IndexState {
IndexFormat::Uint16 => 1,
IndexFormat::Uint32 => 2,
};
((range.end - range.start) >> shift) as u32

(range.end - range.start) >> shift
}
None => 0,
}
Expand Down Expand Up @@ -369,11 +370,11 @@ impl VertexBufferState {
struct VertexState {
inputs: ArrayVec<VertexBufferState, { hal::MAX_VERTEX_BUFFERS }>,
/// Length of the shortest vertex rate vertex buffer
vertex_limit: u32,
vertex_limit: u64,
/// Buffer slot which the shortest vertex rate vertex buffer is bound to
vertex_limit_slot: u32,
/// Length of the shortest instance rate vertex buffer
instance_limit: u32,
instance_limit: u64,
/// Buffer slot which the shortest instance rate vertex buffer is bound to
instance_limit_slot: u32,
/// Total amount of buffers required by the pipeline.
Expand All @@ -382,13 +383,16 @@ struct VertexState {

impl VertexState {
fn update_limits(&mut self) {
self.vertex_limit = u32::MAX;
self.instance_limit = u32::MAX;
// Ensure that the limits are always smaller than u32::MAX so that
// interger overlows can be prevented via saturating additions.
let max = u32::MAX as u64;
self.vertex_limit = max;
self.instance_limit = max;
for (idx, vbs) in self.inputs.iter().enumerate() {
if vbs.step.stride == 0 || !vbs.bound {
continue;
}
let limit = (vbs.total_size / vbs.step.stride) as u32;
let limit = vbs.total_size / vbs.step.stride;
match vbs.step.mode {
VertexStepMode::Vertex => {
if limit < self.vertex_limit {
Expand Down Expand Up @@ -1891,7 +1895,7 @@ impl<G: GlobalIdentityHandlerFactory> Global<G> {
};
state.is_ready(indexed).map_pass_err(scope)?;

let last_vertex = first_vertex + vertex_count;
let last_vertex = first_vertex as u64 + vertex_count as u64;
let vertex_limit = state.vertex.vertex_limit;
if last_vertex > vertex_limit {
return Err(DrawError::VertexBeyondLimit {
Expand All @@ -1901,7 +1905,7 @@ impl<G: GlobalIdentityHandlerFactory> Global<G> {
})
.map_pass_err(scope);
}
let last_instance = first_instance + instance_count;
let last_instance = first_instance as u64 + instance_count as u64;
let instance_limit = state.vertex.instance_limit;
if last_instance > instance_limit {
return Err(DrawError::InstanceBeyondLimit {
Expand Down Expand Up @@ -1933,9 +1937,7 @@ impl<G: GlobalIdentityHandlerFactory> Global<G> {
};
state.is_ready(indexed).map_pass_err(scope)?;

//TODO: validate that base_vertex + max_index() is
// within the provided range
let last_index = first_index + index_count;
let last_index = first_index as u64 + index_count as u64;
let index_limit = state.index.limit;
if last_index > index_limit {
return Err(DrawError::IndexBeyondLimit {
Expand All @@ -1944,7 +1946,7 @@ impl<G: GlobalIdentityHandlerFactory> Global<G> {
})
.map_pass_err(scope);
}
let last_instance = first_instance + instance_count;
let last_instance = first_instance as u64 + instance_count as u64;
let instance_limit = state.vertex.instance_limit;
if last_instance > instance_limit {
return Err(DrawError::InstanceBeyondLimit {
Expand Down

0 comments on commit 11c29c8

Please sign in to comment.