Make sure buffers are large enough to hold the Result structure.

Make sure buffers are large enough to hold the Result structure.

The passthrough command decoder would correctly compute that it cannot
write any results to the buffer but would still write out of bounds when
trying to write the size member of the result when the buffer size is 0.

BUG=703861
BUG=703724
CQ_INCLUDE_TRYBOTS=master.tryserver.chromium.android:android_optional_gpu_tests_rel;master.tryserver.chromium.linux:linux_optional_gpu_tests_rel;master.tryserver.chromium.mac:mac_optional_gpu_tests_rel;master.tryserver.chromium.win:win_optional_gpu_tests_rel

Review-Url: https://codereview.chromium.org/2764403002
Cr-Commit-Position: refs/heads/master@{#458868}
Committed: https://chromium.googlesource.com/chromium/src/+/bdd9f645d6e6bb56bfa31c74c88a8842fda5d9d1

[Geoff Lang, 2017-03-22 17:42:24]

Description was changed from

==========
Make sure buffers are large enough to hold the Result structure.

The passthrough command decoder would correctly compute that it cannot
write any results to the buffer but would still write out of bounds when
trying to write the size member of the result when the buffer size is 0.

BUG=703861
BUG=703724
==========

to

==========
Make sure buffers are large enough to hold the Result structure.

The passthrough command decoder would correctly compute that it cannot
write any results to the buffer but would still write out of bounds when
trying to write the size member of the result when the buffer size is 0.

BUG=703861
BUG=703724
CQ_INCLUDE_TRYBOTS=master.tryserver.chromium.android:android_optional_gpu_tests_rel;master.tryserver.chromium.linux:linux_optional_gpu_tests_rel;master.tryserver.chromium.mac:mac_optional_gpu_tests_rel;master.tryserver.chromium.win:win_optional_gpu_tests_rel
==========

[Geoff Lang, 2017-03-22 17:45:05]

The CQ bit was checked by geofflang@chromium.org to run a CQ dry run

[commit-bot: I haz the power, 2017-03-22 17:46:02]

Dry run: CQ is trying da patch. Follow status at
 
https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...

[commit-bot: I haz the power, 2017-03-22 18:48:17]

The CQ bit was unchecked by commit-bot@chromium.org

[commit-bot: I haz the power, 2017-03-22 18:48:17]

Dry run: This issue passed the CQ dry run.

[Geoff Lang, 2017-03-22 18:49:15]

geofflang@chromium.org changed reviewers:
+ piman@chromium.org

[Geoff Lang, 2017-03-22 18:49:16]

PTAL

[piman, 2017-03-22 20:25:51]

LGTM
I don't have access to those bugs, but the fixes make sense on their own.

[Geoff Lang, 2017-03-22 20:44:21]

On 2017/03/22 20:25:51, piman wrote:
> LGTM
> I don't have access to those bugs, but the fixes make sense on their own.

Thanks, I'll cc you on fuzzer bugs so you can view them from now on.

[Geoff Lang, 2017-03-22 20:44:45]

The CQ bit was checked by geofflang@chromium.org

[commit-bot: I haz the power, 2017-03-22 20:45:27]

CQ is trying da patch. Follow status at
 
https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...

[commit-bot: I haz the power, 2017-03-22 20:51:35]

CQ is committing da patch.

Bot data: {"patchset_id": 1, "attempt_start_ts": 1490215485863110, "parent_rev":
"2bc02b13dbedfdcaadfbf5b9f2f7e2e51229d0ad", "commit_rev":
"bdd9f645d6e6bb56bfa31c74c88a8842fda5d9d1"}

[commit-bot: I haz the power, 2017-03-22 20:52:21]

Description was changed from

==========
Make sure buffers are large enough to hold the Result structure.

The passthrough command decoder would correctly compute that it cannot
write any results to the buffer but would still write out of bounds when
trying to write the size member of the result when the buffer size is 0.

BUG=703861
BUG=703724
CQ_INCLUDE_TRYBOTS=master.tryserver.chromium.android:android_optional_gpu_tests_rel;master.tryserver.chromium.linux:linux_optional_gpu_tests_rel;master.tryserver.chromium.mac:mac_optional_gpu_tests_rel;master.tryserver.chromium.win:win_optional_gpu_tests_rel
==========

to

==========
Make sure buffers are large enough to hold the Result structure.

The passthrough command decoder would correctly compute that it cannot
write any results to the buffer but would still write out of bounds when
trying to write the size member of the result when the buffer size is 0.

BUG=703861
BUG=703724
CQ_INCLUDE_TRYBOTS=master.tryserver.chromium.android:android_optional_gpu_tests_rel;master.tryserver.chromium.linux:linux_optional_gpu_tests_rel;master.tryserver.chromium.mac:mac_optional_gpu_tests_rel;master.tryserver.chromium.win:win_optional_gpu_tests_rel

Review-Url: https://codereview.chromium.org/2764403002
Cr-Commit-Position: refs/heads/master@{#458868}
Committed:
https://chromium.googlesource.com/chromium/src/+/bdd9f645d6e6bb56bfa31c74c88a...
==========

[commit-bot: I haz the power, 2017-03-22 20:52:25]

Committed patchset #1 (id:1) as
https://chromium.googlesource.com/chromium/src/+/bdd9f645d6e6bb56bfa31c74c88a...