| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "gpu/command_buffer/service/common_decoder.h" | 5 #include "gpu/command_buffer/service/common_decoder.h" |
| 6 | 6 |
| 7 #include <stddef.h> | 7 #include <stddef.h> |
| 8 #include <stdint.h> | 8 #include <stdint.h> |
| 9 | 9 |
| 10 #include <algorithm> | 10 #include <algorithm> |
| 11 | 11 |
| 12 #include "base/numerics/safe_math.h" | 12 #include "base/numerics/safe_math.h" |
| 13 #include "gpu/command_buffer/service/cmd_buffer_engine.h" | 13 #include "gpu/command_buffer/service/cmd_buffer_engine.h" |
| 14 | 14 |
| 15 namespace gpu { | 15 namespace gpu { |
| 16 namespace { |
| 17 static const size_t kDefaultMaxBucketSize = 1u << 30; // 1 GB |
| 18 } |
| 16 | 19 |
| 17 const CommonDecoder::CommandInfo CommonDecoder::command_info[] = { | 20 const CommonDecoder::CommandInfo CommonDecoder::command_info[] = { |
| 18 #define COMMON_COMMAND_BUFFER_CMD_OP(name) \ | 21 #define COMMON_COMMAND_BUFFER_CMD_OP(name) \ |
| 19 { \ | 22 { \ |
| 20 &CommonDecoder::Handle##name, cmd::name::kArgFlags, \ | 23 &CommonDecoder::Handle##name, cmd::name::kArgFlags, \ |
| 21 cmd::name::cmd_flags, \ | 24 cmd::name::cmd_flags, \ |
| 22 sizeof(cmd::name) / sizeof(CommandBufferEntry) - 1, \ | 25 sizeof(cmd::name) / sizeof(CommandBufferEntry) - 1, \ |
| 23 } \ | 26 } \ |
| 24 , /* NOLINT */ | 27 , /* NOLINT */ |
| 25 COMMON_COMMAND_BUFFER_CMDS(COMMON_COMMAND_BUFFER_CMD_OP) | 28 COMMON_COMMAND_BUFFER_CMDS(COMMON_COMMAND_BUFFER_CMD_OP) |
| (...skipping 90 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 116 DCHECK(_count && _string && _length); | 119 DCHECK(_count && _string && _length); |
| 117 *_count = count; | 120 *_count = count; |
| 118 *_string = strs; | 121 *_string = strs; |
| 119 _length->resize(count); | 122 _length->resize(count); |
| 120 for (GLsizei ii = 0; ii < count; ++ii) { | 123 for (GLsizei ii = 0; ii < count; ++ii) { |
| 121 (*_length)[ii] = length[ii]; | 124 (*_length)[ii] = length[ii]; |
| 122 } | 125 } |
| 123 return true; | 126 return true; |
| 124 } | 127 } |
| 125 | 128 |
| 126 CommonDecoder::CommonDecoder() : engine_(NULL) {} | 129 CommonDecoder::CommonDecoder() |
| 130 : engine_(NULL), max_bucket_size_(kDefaultMaxBucketSize) {} |
| 127 | 131 |
| 128 CommonDecoder::~CommonDecoder() {} | 132 CommonDecoder::~CommonDecoder() {} |
| 129 | 133 |
| 130 void* CommonDecoder::GetAddressAndCheckSize(unsigned int shm_id, | 134 void* CommonDecoder::GetAddressAndCheckSize(unsigned int shm_id, |
| 131 unsigned int data_offset, | 135 unsigned int data_offset, |
| 132 unsigned int data_size) { | 136 unsigned int data_size) { |
| 133 CHECK(engine_); | 137 CHECK(engine_); |
| 134 scoped_refptr<gpu::Buffer> buffer = engine_->GetSharedMemoryBuffer(shm_id); | 138 scoped_refptr<gpu::Buffer> buffer = engine_->GetSharedMemoryBuffer(shm_id); |
| 135 if (!buffer.get()) | 139 if (!buffer.get()) |
| 136 return NULL; | 140 return NULL; |
| (...skipping 93 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 230 engine_->set_token(args.token); | 234 engine_->set_token(args.token); |
| 231 return error::kNoError; | 235 return error::kNoError; |
| 232 } | 236 } |
| 233 | 237 |
| 234 error::Error CommonDecoder::HandleSetBucketSize(uint32_t immediate_data_size, | 238 error::Error CommonDecoder::HandleSetBucketSize(uint32_t immediate_data_size, |
| 235 const void* cmd_data) { | 239 const void* cmd_data) { |
| 236 const cmd::SetBucketSize& args = | 240 const cmd::SetBucketSize& args = |
| 237 *static_cast<const cmd::SetBucketSize*>(cmd_data); | 241 *static_cast<const cmd::SetBucketSize*>(cmd_data); |
| 238 uint32_t bucket_id = args.bucket_id; | 242 uint32_t bucket_id = args.bucket_id; |
| 239 uint32_t size = args.size; | 243 uint32_t size = args.size; |
| 244 if (size > max_bucket_size_) |
| 245 return error::kOutOfBounds; |
| 240 | 246 |
| 241 Bucket* bucket = CreateBucket(bucket_id); | 247 Bucket* bucket = CreateBucket(bucket_id); |
| 242 bucket->SetSize(size); | 248 bucket->SetSize(size); |
| 243 return error::kNoError; | 249 return error::kNoError; |
| 244 } | 250 } |
| 245 | 251 |
| 246 error::Error CommonDecoder::HandleSetBucketData(uint32_t immediate_data_size, | 252 error::Error CommonDecoder::HandleSetBucketData(uint32_t immediate_data_size, |
| 247 const void* cmd_data) { | 253 const void* cmd_data) { |
| 248 const cmd::SetBucketData& args = | 254 const cmd::SetBucketData& args = |
| 249 *static_cast<const cmd::SetBucketData*>(cmd_data); | 255 *static_cast<const cmd::SetBucketData*>(cmd_data); |
| (...skipping 94 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 344 } | 350 } |
| 345 const void* src = bucket->GetData(offset, size); | 351 const void* src = bucket->GetData(offset, size); |
| 346 if (!src) { | 352 if (!src) { |
| 347 return error::kInvalidArguments; | 353 return error::kInvalidArguments; |
| 348 } | 354 } |
| 349 memcpy(data, src, size); | 355 memcpy(data, src, size); |
| 350 return error::kNoError; | 356 return error::kNoError; |
| 351 } | 357 } |
| 352 | 358 |
| 353 } // namespace gpu | 359 } // namespace gpu |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2150803003:
Introduce gpu_fuzzer to fuzz the GPU command buffers (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@fuzzer_land_base