Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(594)

Issues Search
    My Issues | Starred     Open | Closed | All

Issue 654253002: command_buffer: Avoid uninitialized read in ShaderTranslatorCache (Closed)

Created:
6 years, 2 months ago by Kimmo Kinnunen
Modified:
6 years, 1 month ago
Reviewers:
piman
CC:
chromium-reviews, piman+watch_chromium.org
Base URL:
https://chromium.googlesource.com/chromium/src.git@master
Project:
chromium
Visibility:
Public.

Description

command_buffer: Avoid uninitialized read in ShaderTranslatorCache The key in ShaderTranslatorCache std::map is copied with memcpy and compared with memcmp. However, the key is a class that does not guarantee not having any padding. Padding in ShBuiltInResources causes the comparison be invalid. Valgrind reports uninitialized reads for this. Fix by preserving usage of memcmp. Initialize the object with memset. This should write any possible padding data to a well-defined state. Depends on an ANGLE fix where ShBuiltInResources is similarly initialized with memset. The resource data is copied to the key implicitly, and this may or may not copy the padding. Committed: https://crrev.com/d67d827a4f58eb06fecc3aa396683495bec7c0dd Cr-Commit-Position: refs/heads/master@{#303817}

Patch Set 1 #

Patch Set 2 : rebase #

Patch Set 3 : rebase #

Patch Set 4 : fix msvc warning on multiple assignment operators #

Unified diffs Side-by-side diffs Delta from patch set Stats (+75 lines, -12 lines) Patch
M gpu/BUILD.gn View 1 2 1 chunk +1 line, -0 lines 0 comments Download
M gpu/command_buffer/service/shader_translator_cache.h View 1 2 3 3 chunks +17 lines, -12 lines 0 comments Download
A gpu/command_buffer/service/shader_translator_cache_unittest.cc View 1 chunk +56 lines, -0 lines 0 comments Download
M gpu/gpu.gyp View 1 2 1 chunk +1 line, -0 lines 0 comments Download

Messages

Total messages: 19 (8 generated)
Kimmo Kinnunen
Not a fan of memcpy tricks, but it appears the original author must have had ...
6 years, 2 months ago (2014-10-15 12:23:52 UTC) #2
piman
LGTM. I'm not sure there was a good reason for memcpy. The cache is used ...
6 years, 2 months ago (2014-10-15 16:21:38 UTC) #3
commit-bot: I haz the power
CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/patch-status/654253002/1
6 years, 2 months ago (2014-10-24 05:41:02 UTC) #5
commit-bot: I haz the power
Try jobs failed on following builders: linux_gpu on tryserver.chromium.gpu (http://build.chromium.org/p/tryserver.chromium.gpu/builders/linux_gpu/builds/83360) mac_gpu on tryserver.chromium.gpu (http://build.chromium.org/p/tryserver.chromium.gpu/builders/mac_gpu/builds/73008) win_gpu ...
6 years, 2 months ago (2014-10-24 05:43:33 UTC) #7
commit-bot: I haz the power
CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/patch-status/654253002/20001
6 years, 2 months ago (2014-10-24 06:01:13 UTC) #9
commit-bot: I haz the power
Try jobs failed on following builders: linux_gpu_triggered_tests on tryserver.chromium.gpu (http://build.chromium.org/p/tryserver.chromium.gpu/builders/linux_gpu_triggered_tests/builds/72276)
6 years, 2 months ago (2014-10-24 06:27:34 UTC) #11
commit-bot: I haz the power
CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/patch-status/654253002/40001
6 years, 1 month ago (2014-11-12 08:39:50 UTC) #13
commit-bot: I haz the power
Try jobs failed on following builders: win_gpu on tryserver.chromium.gpu (http://build.chromium.org/p/tryserver.chromium.gpu/builders/win_gpu/builds/85338)
6 years, 1 month ago (2014-11-12 09:27:35 UTC) #15
commit-bot: I haz the power
CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/patch-status/654253002/60001
6 years, 1 month ago (2014-11-12 10:09:52 UTC) #17
commit-bot: I haz the power
Committed patchset #4 (id:60001)
6 years, 1 month ago (2014-11-12 11:09:56 UTC) #18
commit-bot: I haz the power
6 years, 1 month ago (2014-11-12 11:10:36 UTC) #19
Message was sent while issue was closed. 
Patchset 4 (id:??) landed as
https://crrev.com/d67d827a4f58eb06fecc3aa396683495bec7c0dd
Cr-Commit-Position: refs/heads/master@{#303817}

Powered by Google App Engine
This is Rietveld 408576698