Make OpenGL string entry points validate the string

gpu/command_buffer/service/gles2_cmd_decoder.cc

 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "gpu/command_buffer/service/gles2_cmd_decoder.h"
 
 #include <stdio.h>
 
 #include <algorithm>
 #include <list>
@@ skipping 113 matching lines @@
 };
 
 static bool IsAngle() {
 #if defined(OS_WIN)
   return gfx::GetGLImplementation() == gfx::kGLImplementationEGLGLES2;
 #else
   return false;
 #endif
 }
 
+// Return true if a character belongs to the ASCII subset as defined in
+// GLSL ES 1.0 spec section 3.1.
+static bool CharacterIsValidForGLES(unsigned char c) {
+  // Printing characters are valid except " $ ` @ \ ' DEL.
+  if (c >= 32 && c <= 126 &&
+      c != '"' &&
+      c != '$' &&
+      c != '`' &&
+      c != '@' &&
+      c != '\\' &&
+      c != '\'') {
+    return true;
+  }
+  // Horizontal tab, line feed, vertical tab, form feed, carriage return
+  // are also valid.
+  if (c >= 9 && c <= 13) {
+    return true;
+  }
+
+  return false;
+}
+
+static bool StringIsValidForGLES(const char* str) {
+  for (; *str; ++str) {
+    if (!CharacterIsValidForGLES(*str)) {
+      return false;
+    }
+  }
+  return true;
+}
+
 static void WrappedTexImage2D(
     GLenum target,
     GLint level,
     GLenum internal_format,
     GLsizei width,
     GLsizei height,
     GLint border,
     GLenum format,
     GLenum type,
     const void* pixels) {
@@ skipping 648 matching lines @@
     RenderbufferManager::RenderbufferInfo* info =
         renderbuffer_manager()->GetRenderbufferInfo(client_id);
     return (info && !info->IsDeleted()) ? info : NULL;
   }
 
   // Removes the renderbuffer info for the given renderbuffer.
   void RemoveRenderbufferInfo(GLuint client_id) {
     renderbuffer_manager()->RemoveRenderbufferInfo(client_id);
   }
 
+  void DoBindAttribLocation(GLuint client_id, GLuint index, const char* name);
+
   error::Error GetAttribLocationHelper(
     GLuint client_id, uint32 location_shm_id, uint32 location_shm_offset,
     const std::string& name_str);
 
   error::Error GetUniformLocationHelper(
     GLuint client_id, uint32 location_shm_id, uint32 location_shm_offset,
     const std::string& name_str);
 
   // Helper for glShaderSource.
   error::Error ShaderSourceHelper(
@@ skipping 2498 matching lines @@
 void GLES2DecoderImpl::DoGetProgramiv(
     GLuint program_id, GLenum pname, GLint* params) {
   ProgramManager::ProgramInfo* info = GetProgramInfoNotShader(
       program_id, "glGetProgramiv");
   if (!info) {
     return;
   }
   info->GetProgramiv(pname, params);
 }
 
+void GLES2DecoderImpl::DoBindAttribLocation(
+    GLuint program, GLuint index, const char* name) {
+  if (!StringIsValidForGLES(name)) {
+    SetGLError(GL_INVALID_VALUE, "glBindAttribLocation: Invalid character");
+    return;
+  }
+  ProgramManager::ProgramInfo* info = GetProgramInfoNotShader(
+      program, "glBindAttribLocation");
+  if (!info) {
+    return;
+  }
+  glBindAttribLocation(info->service_id(), index, name);
+}
+
 error::Error GLES2DecoderImpl::HandleBindAttribLocation(
     uint32 immediate_data_size, const gles2::BindAttribLocation& c) {
   GLuint program = static_cast<GLuint>(c.program);
-  ProgramManager::ProgramInfo* info = GetProgramInfoNotShader(
-      program, "glBindAttribLocation");
-  if (!info) {
-    return error::kNoError;
-  }
   GLuint index = static_cast<GLuint>(c.index);
   uint32 name_size = c.data_size;
   const char* name = GetSharedMemoryAs<const char*>(
       c.name_shm_id, c.name_shm_offset, name_size);
   if (name == NULL) {
     return error::kOutOfBounds;
   }
   String name_str(name, name_size);
-  glBindAttribLocation(info->service_id(), index, name_str.c_str());
+  DoBindAttribLocation(program, index, name_str.c_str());
   return error::kNoError;
 }
 
 error::Error GLES2DecoderImpl::HandleBindAttribLocationImmediate(
     uint32 immediate_data_size, const gles2::BindAttribLocationImmediate& c) {
   GLuint program = static_cast<GLuint>(c.program);
-  ProgramManager::ProgramInfo* info = GetProgramInfoNotShader(
-      program, "glBindAttribLocation");
-  if (!info) {
-    return error::kNoError;
-  }
   GLuint index = static_cast<GLuint>(c.index);
   uint32 name_size = c.data_size;
   const char* name = GetImmediateDataAs<const char*>(
       c, name_size, immediate_data_size);
   if (name == NULL) {
     return error::kOutOfBounds;
   }
   String name_str(name, name_size);
-  glBindAttribLocation(info->service_id(), index, name_str.c_str());
+  DoBindAttribLocation(program, index, name_str.c_str());
   return error::kNoError;
 }
 
 error::Error GLES2DecoderImpl::HandleBindAttribLocationBucket(
     uint32 immediate_data_size, const gles2::BindAttribLocationBucket& c) {
   GLuint program = static_cast<GLuint>(c.program);
-  ProgramManager::ProgramInfo* info = GetProgramInfoNotShader(
-      program, "glBindAttribLocation");
-  if (!info) {
-    return error::kNoError;
-  }
   GLuint index = static_cast<GLuint>(c.index);
   Bucket* bucket = GetBucket(c.name_bucket_id);
   if (!bucket || bucket->size() == 0) {
     return error::kInvalidArguments;
   }
   std::string name_str;
   if (!bucket->GetAsString(&name_str)) {
     return error::kInvalidArguments;
   }
-  glBindAttribLocation(info->service_id(), index, name_str.c_str());
+  DoBindAttribLocation(program, index, name_str.c_str());
   return error::kNoError;
 }
 
 error::Error GLES2DecoderImpl::HandleDeleteShader(
     uint32 immediate_data_size, const gles2::DeleteShader& c) {
   GLuint client_id = c.shader;
   if (client_id) {
     ShaderManager::ShaderInfo* info = GetShaderInfo(client_id);
     if (info) {
       if (!info->IsDeleted()) {
@@ skipping 1285 matching lines @@
   }
   return max_vertex_accessed;
 }
 
 // Calls glShaderSource for the various versions of the ShaderSource command.
 // Assumes that data / data_size points to a piece of memory that is in range
 // of whatever context it came from (shared memory, immediate memory, bucket
 // memory.)
 error::Error GLES2DecoderImpl::ShaderSourceHelper(
     GLuint client_id, const char* data, uint32 data_size) {
+  std::string str(data, data + data_size);
+  if (!StringIsValidForGLES(str.c_str())) {
+    SetGLError(GL_INVALID_VALUE, "glShaderSource: Invalid character");
+    return error::kNoError;
+  }
   ShaderManager::ShaderInfo* info = GetShaderInfoNotProgram(
       client_id, "glShaderSource");
   if (!info) {
     return error::kNoError;
   }
   // Note: We don't actually call glShaderSource here. We wait until
   // the call to glCompileShader.
-  info->UpdateSource(std::string(data, data + data_size).c_str());
+  info->UpdateSource(str.c_str());
   return error::kNoError;
 }
 
 error::Error GLES2DecoderImpl::HandleShaderSource(
     uint32 immediate_data_size, const gles2::ShaderSource& c) {
   uint32 data_size = c.data_size;
   const char* data = GetSharedMemoryAs<const char*>(
       c.data_shm_id, c.data_shm_offset, data_size);
   if (!data) {
     return error::kOutOfBounds;
@@ skipping 732 matching lines @@
       // Validation should have prevented us from getting here.
       NOTREACHED();
       break;
   }
   return error::kNoError;
 }
 
 error::Error GLES2DecoderImpl::GetAttribLocationHelper(
     GLuint client_id, uint32 location_shm_id, uint32 location_shm_offset,
     const std::string& name_str) {
+  if (!StringIsValidForGLES(name_str.c_str())) {
+    SetGLError(GL_INVALID_VALUE, "glGetAttribLocation: Invalid character");
+    return error::kNoError;
+  }
   ProgramManager::ProgramInfo* info = GetProgramInfoNotShader(
       client_id, "glGetAttribLocation");
   if (!info) {
     return error::kNoError;
   }
   if (!info->IsValid()) {
     SetGLError(GL_INVALID_OPERATION, "glGetAttribLocation: program not linked");
     return error::kNoError;
   }
   GLint* location = GetSharedMemoryAs<GLint*>(
@@ skipping 46 matching lines @@
   if (!bucket->GetAsString(&name_str)) {
     return error::kInvalidArguments;
   }
   return GetAttribLocationHelper(
     c.program, c.location_shm_id, c.location_shm_offset, name_str);
 }
 
 error::Error GLES2DecoderImpl::GetUniformLocationHelper(
     GLuint client_id, uint32 location_shm_id, uint32 location_shm_offset,
     const std::string& name_str) {
+  if (!StringIsValidForGLES(name_str.c_str())) {
+    SetGLError(GL_INVALID_VALUE, "glGetUniformLocation: Invalid character");
+    return error::kNoError;
+  }
   ProgramManager::ProgramInfo* info = GetProgramInfoNotShader(
       client_id, "glUniformLocation");
   if (!info) {
     return error::kNoError;
   }
   if (!info->IsValid()) {
     SetGLError(GL_INVALID_OPERATION,
                "glGetUniformLocation: program not linked");
     return error::kNoError;
   }
@@ skipping 1606 matching lines @@
   return error::kNoError;
 }
 
 // Include the auto-generated part of this file. We split this because it means
 // we can easily edit the non-auto generated parts right here in this file
 // instead of having to edit some template or the code generator.
 #include "gpu/command_buffer/service/gles2_cmd_decoder_autogen.h"
 
 }  // namespace gles2
 }  // namespace gpu