-
Notifications
You must be signed in to change notification settings - Fork 938
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Do not feed &"" to D3DCompile #5812
Do not feed &"" to D3DCompile #5812
Conversation
A recent change by rustc, now in 1.79-stable, makes empty str constants point to the same location: 0x01. This is an optimization of sorts, not stable behavior. Code must not rely on constants having stable addresses nor should it pass &"" to APIs expecting CStrs or NULL addresses. D3DCompile will segfault if you give it such a pointer, or worse: read random garbage addresses! Pass the NULL pointer to D3DCompile if wgpu lacks a decent CString. refs: - https://learn.microsoft.com/en-us/windows/win32/api/d3dcompiler/nf-d3dcompiler-d3dcompile Co-authored-by: Jan Hohenheim <jan@hohenheim.ch> Co-authored-by: Brezak <bezak.adam@proton.me>
I had originally intended to test this more thoroughly but I stopped when I discovered I had to fuck around with patching multiple libraries, not just the Bevy monorepo, just to get the Bevy example in question to build. |
7c5b14d
to
2ae705b
Compare
7bd82b5
to
525364d
Compare
525364d
to
b0f603f
Compare
Thanks for the fix! We should backport this. |
Something else I noticed while looking at this is that
but we pass it UTF-8.
There is also this page which says you can change the default code page to UTF-8 and therefore rely on We can probably assume using ASCII for those is safe. Microsoft's docs don't seem to guarantee that those code pages are extended ASCII; Wikipedia does though, maybe they went through all the listed ones and checked that they are. I will open a new issue to track this. |
A new release with this fix would be greatly appreciated! 🙏 |
A recent change by rustc, now in 1.79-stable, makes empty str constants point to the same location: 0x01. This is an optimization of sorts, not stable behavior. Code must not rely on constants having stable addresses nor should it pass &"" to APIs expecting CStrs or NULL addresses. D3DCompile will segfault if you give it such a pointer, or worse: read random garbage addresses! Pass the NULL pointer to D3DCompile if wgpu lacks a decent CString. refs: - https://learn.microsoft.com/en-us/windows/win32/api/d3dcompiler/nf-d3dcompiler-d3dcompile Co-authored-by: Jan Hohenheim <jan@hohenheim.ch> Co-authored-by: Brezak <bezak.adam@proton.me>
A recent change by rustc, now in 1.79-stable, makes empty str constants point to the same location: 0x01. This is an optimization of sorts, not stable behavior. Code must not rely on constants having stable addresses nor should it pass &"" to APIs expecting CStrs or NULL addresses. D3DCompile will segfault if you give it such a pointer, or worse: read random garbage addresses! Pass the NULL pointer to D3DCompile if wgpu lacks a decent CString. refs: - https://learn.microsoft.com/en-us/windows/win32/api/d3dcompiler/nf-d3dcompiler-d3dcompile Co-authored-by: Jan Hohenheim <jan@hohenheim.ch> Co-authored-by: Brezak <bezak.adam@proton.me>
A recent change by rustc, now in 1.79-stable, makes empty str constants point to the same location: 0x01. This is an optimization of sorts, not stable behavior. Code must not rely on constants having stable addresses nor should it pass &"" to APIs expecting CStrs or NULL addresses. D3DCompile will segfault if you give it such a pointer, or worse: read random garbage addresses! Pass the NULL pointer to D3DCompile if wgpu lacks a decent CString. refs: - https://learn.microsoft.com/en-us/windows/win32/api/d3dcompiler/nf-d3dcompiler-d3dcompile Co-authored-by: Jan Hohenheim <jan@hohenheim.ch> Co-authored-by: Brezak <bezak.adam@proton.me>
A recent change by rustc, now in 1.79-stable, makes empty str constants point to the same location: 0x01. This is an optimization of sorts, not stable behavior. Code must not rely on constants having stable addresses nor should it pass &"" to APIs expecting CStrs or NULL addresses. D3DCompile will segfault if you give it such a pointer, or worse: read random garbage addresses! Pass the NULL pointer to D3DCompile if wgpu lacks a decent CString. refs: - https://learn.microsoft.com/en-us/windows/win32/api/d3dcompiler/nf-d3dcompiler-d3dcompile Co-authored-by: Jan Hohenheim <jan@hohenheim.ch> Co-authored-by: Brezak <bezak.adam@proton.me>
@glandium The arguments to HRESULT D3DCompile(
[in] LPCVOID pSrcData,
[in] SIZE_T SrcDataSize,
[in, optional] LPCSTR pSourceName,
[in, optional] const D3D_SHADER_MACRO *pDefines,
[in, optional] ID3DInclude *pInclude,
[in, optional] LPCSTR pEntrypoint,
[in] LPCSTR pTarget,
[in] UINT Flags1,
[in] UINT Flags2,
[out] ID3DBlob **ppCode,
[out, optional] ID3DBlob **ppErrorMsgs
); So the textual arguments are as follows:
So it seems to me that all cases are now addressed. What specifically do you think is still wrong? |
It was, in fact, changed to a CString in this PR. I had missed it.
I must say I didn't look at callers to see what they were doing. |
Hm, the |
That's still unsound in |
With #5836 |
I agree with all this - I didn't mean to suggest otherwise. I'm glad to see #5836. |
Again, I was looking at the actual origin of the data, which is this:
But yes, we agree that this PR fixed the actual value being passed to |
Since I may have been misunderstood: I think using terms like "morally wrong" for code like the original A single instance of this kind of problem is not a big deal. A Rust update makes Bevy crash? Fine, we debug it, fix it, and move on. But if we make a practice of tolerating unsound code, we'll have not one but a steady stream of such distractions. And that will be a disaster, because Properly used Rust is a huge improvement in development velocity, which we as a project can't afford to give up. People doing code review for |
A recent change by rustc, now in 1.79-stable, makes empty str constants point to the same location: 0x01. This is an optimization of sorts, not stable behavior. Code must not rely on constants having stable addresses nor should it pass &"" to APIs expecting CStrs or NULL addresses. D3DCompile will segfault if you give it such a pointer, or worse: read random garbage addresses! Pass the NULL pointer to D3DCompile if wgpu lacks a decent CString. refs: - https://learn.microsoft.com/en-us/windows/win32/api/d3dcompiler/nf-d3dcompiler-d3dcompile Co-authored-by: Jubilee <46493976+workingjubilee@users.noreply.github.com> Co-authored-by: Jan Hohenheim <jan@hohenheim.ch> Co-authored-by: Brezak <bezak.adam@proton.me>
Permalink: <gfx-rs#5812>
Permalink: <gfx-rs#5812>
Permalink: <gfx-rs#5812>
Permalink: <gfx-rs#5812>
- Revert #13834 once wgpu released the fix for gfx-rs/wgpu#5812
- Revert bevyengine#13834 once wgpu released the fix for gfx-rs/wgpu#5812
A recent change by rustc, now in 1.79-stable, makes empty str constants point to the same location: 0x01. This is an optimization of sorts, not stable behavior. Code must not rely on constants having stable addresses nor should it pass &"" to APIs expecting CStrs or NULL addresses. D3DCompile will segfault if you give it such a pointer, or worse: read random garbage addresses! Pass the NULL pointer to D3DCompile if wgpu lacks a decent CString. refs: - https://learn.microsoft.com/en-us/windows/win32/api/d3dcompiler/nf-d3dcompiler-d3dcompile Co-authored-by: Jan Hohenheim <jan@hohenheim.ch> Co-authored-by: Brezak <bezak.adam@proton.me>
Permalinks: * <gfx-rs#5812> * <gfx-rs#5833>
This also updates `wgpu-core` and `wgpu-hal` to the corresponding versions (which are 0.21.x). This fixes some undefined behavior when building with Rust 1.79 and using the Direct3D 12 backend: gfx-rs/wgpu#5812 It also fixes an issue on OpenGL where non-sRGB was still using sRGB: gfx-rs/wgpu#5642
This also updates `wgpu-core` and `wgpu-hal` to the corresponding versions (which are 0.21.x). This fixes some undefined behavior when building with Rust 1.79 and using the Direct3D 12 backend: gfx-rs/wgpu#5812 It also fixes an issue on OpenGL where non-sRGB was still using sRGB: gfx-rs/wgpu#5642
This also updates `wgpu-core` and `wgpu-hal` to the corresponding versions (which are 0.21.x). This fixes some undefined behavior when building with Rust 1.79 and using the Direct3D 12 backend: gfx-rs/wgpu#5812 It also fixes an issue on OpenGL where non-sRGB was still using sRGB: gfx-rs/wgpu#5642
This also updates `wgpu-core` and `wgpu-hal` to the corresponding versions (which are 0.21.x). This fixes some undefined behavior when building with Rust 1.79 and using the Direct3D 12 backend: gfx-rs/wgpu#5812 It also fixes an issue on OpenGL where non-sRGB was still using sRGB: gfx-rs/wgpu#5642
This also updates `wgpu-core` and `wgpu-hal` to the corresponding versions (which are 0.21.x). This fixes some undefined behavior when building with Rust 1.79 and using the Direct3D 12 backend: gfx-rs/wgpu#5812 It also fixes an issue on OpenGL where non-sRGB was still using sRGB: gfx-rs/wgpu#5642
A recent change by rustc, now in 1.79-stable, makes empty str constants point to the same location: 0x01. This is an optimization of sorts, not stable behavior. Code must not rely on constants having stable addresses nor should it pass &"" to APIs expecting CStrs or NULL addresses. D3DCompile will segfault if you give it such a pointer, or worse: read random garbage addresses!
source_name: Option<&CStr>
, as otherwise the API must beunsafe
.refs: