Chromium Code Reviews

Issue 1383463005: Fix array out of bounds access in loop iteration in gpu ipc log (Closed)

Created:
5 years, 2 months ago by r.kasibhatla
Modified:
5 years, 2 months ago
Reviewers:
RaviKasibhatla, piman
CC:
chromium-reviews, asanka, benjhayden+dwatch_chromium.org, piman+watch_chromium.org
Base URL:
https://chromium.googlesource.com/chromium/src.git@master
Target Ref:
refs/pending/heads/master
Project:
chromium
Visibility:
Public.

Description

Fix array out of bounds access in loop iteration in gpu ipc log

gpu::ValueState is defined as a union of an array of int_value or float_value. sizeof(ValueState.{int_value|float_value}) will return the size as at least 16, since both the arrays are defined to be of size 4. Using the sizeof() value, the ::Log() tries to iterate from 0 to 15, though the array bounds are from 0 to 3.

BUG=None
TEST=None

Committed: https://crrev.com/070f79ff630ffc5d84c3218d274dc5bf8b023d67
Cr-Commit-Position: refs/heads/master@{#353242}
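The miscount the description refers to, as an added C++ example (not the code from gpu_command_buffer_traits.cc): it contrasts the byte-count loop bound with the element count and with the range-based loop the review settled on. The `ValueState` union is a stand-in built from the description, and `ArrayLength`, `BuggyBound`, `OutOfBoundsIndices` and `LogInts` are hypothetical names.

```cpp
#include <cstddef>
#include <iostream>
#include <string>

// Stand-in for gpu::ValueState as the description gives it: a union of two
// four-element arrays. Reconstructed for this example, not copied from Chromium.
union ValueState {
  float float_value[4];
  int int_value[4];
};

// Element count deduced from the array type, so it cannot be confused with
// the byte size. Hypothetical helper; C++17 offers std::size for the same job.
template <typename T, std::size_t N>
constexpr std::size_t ArrayLength(const T (&)[N]) { return N; }

// The loop bound the description attributes to Log(): sizeof() of the array,
// which is a byte count (4 * sizeof(int)), not the number of elements.
std::size_t BuggyBound(const ValueState& p) { return sizeof(p.int_value); }

// How many indices below `bound` lie past the end of int_value. Computed
// arithmetically; the out-of-bounds elements are never read here.
std::size_t OutOfBoundsIndices(const ValueState& p, std::size_t bound) {
  const std::size_t n = ArrayLength(p.int_value);
  return bound > n ? bound - n : 0;
}

// Fixed form: a range-based for takes its bounds from the array type itself.
std::string LogInts(const ValueState& p) {
  std::string out;
  for (int v : p.int_value) {
    out += std::to_string(v);
    out += ' ';
  }
  return out;
}

int main() {
  ValueState s{};  // constructed sample value
  for (int i = 0; i < 4; ++i) s.int_value[i] = i + 1;
  std::cout << "byte-count bound: " << BuggyBound(s) << ", indices past the end: "
            << OutOfBoundsIndices(s, BuggyBound(s)) << "\n";
  std::cout << "element count: " << ArrayLength(s.int_value) << "\n";
  std::cout << "range-for log: " << LogInts(s) << "\n";
  return 0;
}
```

Building the pre-fix loop with `-fsanitize=address,undefined` is one way to have the overread reported at run time instead of silently logging adjacent memory.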

Patch Set 1 #

Total comments: 4

Patch Set 2 : Reworked as per comments! #

Stats (+4 lines, -4 lines)
M gpu/ipc/gpu_command_buffer_traits.cc (1 chunk, +4 lines, -4 lines, 0 comments)

Messages

Total messages: 10 (3 generated)
RaviKasibhatla
PTAL.
5 years, 2 months ago (2015-10-06 10:34:36 UTC) #3
piman
https://codereview.chromium.org/1383463005/diff/1/gpu/ipc/gpu_command_buffer_traits.cc
File gpu/ipc/gpu_command_buffer_traits.cc (right):

https://codereview.chromium.org/1383463005/diff/1/gpu/ipc/gpu_command_buffer_traits.cc#newcode118
gpu/ipc/gpu_command_buffer_traits.cc:118: for (size_t i = 0; i < sizeof(p.int_value) / ...
5 years, 2 months ago (2015-10-06 20:04:45 UTC) #4
RaviKasibhatla
Moved to the range syntax as suggested.

https://codereview.chromium.org/1383463005/diff/1/gpu/ipc/gpu_command_buffer_traits.cc
File gpu/ipc/gpu_command_buffer_traits.cc (right):

https://codereview.chromium.org/1383463005/diff/1/gpu/ipc/gpu_command_buffer_traits.cc#newcode118
gpu/ipc/gpu_command_buffer_traits.cc:118: for (size_t ...
5 years, 2 months ago (2015-10-07 11:58:34 UTC) #5
piman
lgtm
5 years, 2 months ago (2015-10-08 22:09:17 UTC) #6
commit-bot: I haz the power
CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/patch-status/1383463005/20001 View timeline at https://chromium-cq-status.appspot.com/patch-timeline/1383463005/20001
5 years, 2 months ago (2015-10-09 04:44:53 UTC) #8
commit-bot: I haz the power
Committed patchset #2 (id:20001)
5 years, 2 months ago (2015-10-09 07:17:21 UTC) #9
commit-bot: I haz the power
5 years, 2 months ago (2015-10-09 07:18:42 UTC) #10
Message was sent while issue was closed.
Patchset 2 (id:??) landed as
https://crrev.com/070f79ff630ffc5d84c3218d274dc5bf8b023d67
Cr-Commit-Position: refs/heads/master@{#353242}
