Validate UniformBlocks being backed by sufficient data

gpu/command_buffer/service/gles2_cmd_decoder.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "gpu/command_buffer/service/gles2_cmd_decoder.h"
 
 #include <limits.h>
 #include <stddef.h>
 #include <stdint.h>
 #include <stdio.h>
@@ skipping 1356 matching lines @@
 
   // Checks if a draw buffer's format and its corresponding fragment shader
   // output's type are compatible, i.e., a signed integer typed variable is
   // incompatible with a float or unsigned integer buffer.
   // If incompaticle, generates an INVALID_OPERATION to avoid undefined buffer
   // contents and return false.
   // Otherwise, filter out the draw buffers that are not written to but are not
   // NONE through DrawBuffers, to be on the safe side. Return true.
   bool ValidateAndAdjustDrawBuffers(const char* function_name);
 
+  // Checks if all active uniform blocks in the current program are backed by
+  // a buffer of sufficient size.
+  // If not, generates an INVALID_OPERATION to avoid undefined behavior in
+  // shader execution and return false.
+  bool ValidateUniformBlockBackings(const char* function_name);
+
   // Checks if |api_type| is valid for the given uniform
   // If the api type is not valid generates the appropriate GL
   // error. Returns true if |api_type| is valid for the uniform
   bool CheckUniformForApiType(const Program::UniformInfo* info,
                               const char* function_name,
                               Program::UniformApiType api_type);
 
   // Gets the type of a uniform for a location in the current program. Sets GL
   // errors if the current program is not valid. Returns true if the current
   // program is valid and the location exists. Adjusts count so it
@@ skipping 6675 matching lines @@
       state_.current_program->fragment_output_written_mask();
   if (!framebuffer->ValidateAndAdjustDrawBuffers(
       fragment_output_type_mask, fragment_output_written_mask)) {
       LOCAL_SET_GL_ERROR(GL_INVALID_OPERATION, func_name,
           "buffer format and fragment output variable type incompatible");
       return false;
   }
   return true;
 }
 
+bool GLES2DecoderImpl::ValidateUniformBlockBackings(const char* func_name) {
+  switch (feature_info_->context_type()) {
+    case CONTEXT_TYPE_OPENGLES2:
+    case CONTEXT_TYPE_WEBGL1:
+      // Uniform blocks do not exist in ES2 contexts.
+      return true;
+    default:
+      break;
+  }
+  DCHECK(state_.current_program.get());
+  for (auto info : state_.current_program->uniform_block_size_info()) {
+    uint32_t buffer_size = static_cast<uint32_t>(
+        state_.indexed_uniform_buffer_bindings->GetEffectiveBufferSize(
+            info.binding));
+    if (info.data_size > buffer_size) {
+      LOCAL_SET_GL_ERROR(GL_INVALID_OPERATION, func_name,
+          "uniform blocks are not backed by a buffer with sufficient data");
+      return false;
+    }
+  }
+  return true;
+}
+
 bool GLES2DecoderImpl::CheckUniformForApiType(
     const Program::UniformInfo* info,
     const char* function_name,
     Program::UniformApiType api_type) {
   DCHECK(info);
   if ((api_type & info->accepts_api_type) == 0) {
     LOCAL_SET_GL_ERROR(GL_INVALID_OPERATION, function_name,
                        "wrong uniform function for type");
     return false;
   }
@@ skipping 1010 matching lines @@
     }
     bool simulated_fixed_attribs = false;
     if (SimulateFixedAttribs(
         function_name, max_vertex_accessed, &simulated_fixed_attribs,
         primcount)) {
       bool textures_set = !PrepareTexturesForRender();
       ApplyDirtyState();
       if (!ValidateAndAdjustDrawBuffers(function_name)) {
         return error::kNoError;
       }
+      if (!ValidateUniformBlockBackings(function_name)) {
+        return error::kNoError;
+      }
       if (!instanced) {
         glDrawArrays(mode, first, count);
       } else {
         glDrawArraysInstancedANGLE(mode, first, count, primcount);
       }
       if (textures_set) {
         RestoreStateForTextures();
       }
       if (simulated_fixed_attribs) {
         RestoreStateForSimulatedFixedAttribs();
@@ skipping 124 matching lines @@
       const GLvoid* indices = reinterpret_cast<const GLvoid*>(offset);
       bool used_client_side_array = false;
       if (element_array_buffer->IsClientSideArray()) {
         used_client_side_array = true;
         glBindBuffer(GL_ELEMENT_ARRAY_BUFFER, 0);
         indices = element_array_buffer->GetRange(offset, 0);
       }
       if (!ValidateAndAdjustDrawBuffers(function_name)) {
         return error::kNoError;
       }
+      if (!ValidateUniformBlockBackings(function_name)) {
+        return error::kNoError;
+      }
       if (state_.enable_flags.primitive_restart_fixed_index &&
           feature_info_->feature_flags().
               emulate_primitive_restart_fixed_index) {
         glEnable(GL_PRIMITIVE_RESTART);
         buffer_manager()->SetPrimitiveRestartFixedIndexIfNecessary(type);
       }
       if (!instanced) {
         glDrawElements(mode, count, type, indices);
       } else {
         glDrawElementsInstancedANGLE(mode, count, type, indices, primcount);
@@ skipping 6649 matching lines @@
                                ? state_.projection_matrix
                                : state_.modelview_matrix;
   memcpy(target_matrix, kIdentityMatrix, sizeof(kIdentityMatrix));
   // The matrix_mode is either GL_PATH_MODELVIEW_NV or GL_PATH_PROJECTION_NV
   // since the values of the _NV and _CHROMIUM tokens match.
   glMatrixLoadIdentityEXT(matrix_mode);
 }
 
 error::Error GLES2DecoderImpl::HandleUniformBlockBinding(
     uint32_t immediate_data_size, const void* cmd_data) {
+  const char* func_name = "glUniformBlockBinding";
   if (!unsafe_es3_apis_enabled())
     return error::kUnknownCommand;
   const gles2::cmds::UniformBlockBinding& c =
       *static_cast<const gles2::cmds::UniformBlockBinding*>(cmd_data);
   GLuint client_id = c.program;
   GLuint index = static_cast<GLuint>(c.index);
   GLuint binding = static_cast<GLuint>(c.binding);
-  Program* program = GetProgramInfoNotShader(
-      client_id, "glUniformBlockBinding");
+  Program* program = GetProgramInfoNotShader(client_id, func_name);
   if (!program) {
     return error::kNoError;
   }
+  if (index >= program->uniform_block_size_info().size()) {
+    LOCAL_SET_GL_ERROR(GL_INVALID_VALUE, func_name,
+        "uniformBlockIndex is not an active uniform block index");
+    return error::kNoError;
+  }
+  if (binding >= group_->max_uniform_buffer_bindings()) {
+    LOCAL_SET_GL_ERROR(GL_INVALID_VALUE, func_name,
+        "uniformBlockBinding >= MAX_UNIFORM_BUFFER_BINDINGS");
+    return error::kNoError;
+  }
   GLuint service_id = program->service_id();
   glUniformBlockBinding(service_id, index, binding);
+  program->SetUniformBlockBinding(index, binding);
   return error::kNoError;
 }
 
 error::Error GLES2DecoderImpl::HandleClientWaitSync(
     uint32_t immediate_data_size, const void* cmd_data) {
   const char* function_name = "glClientWaitSync";
   if (!unsafe_es3_apis_enabled())
     return error::kUnknownCommand;
   const gles2::cmds::ClientWaitSync& c =
       *static_cast<const gles2::cmds::ClientWaitSync*>(cmd_data);
@@ skipping 1466 matching lines @@
 }
 
 // Include the auto-generated part of this file. We split this because it means
 // we can easily edit the non-auto generated parts right here in this file
 // instead of having to edit some template or the code generator.
 #include "base/macros.h"
 #include "gpu/command_buffer/service/gles2_cmd_decoder_autogen.h"
 
 }  // namespace gles2
 }  // namespace gpu