-
Notifications
You must be signed in to change notification settings - Fork 949
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Avoid integer overflow on multiplication in write_texture. #3146
Conversation
Codecov Report
@@ Coverage Diff @@
## master #3146 +/- ##
==========================================
- Coverage 65.41% 65.41% -0.01%
==========================================
Files 81 81
Lines 38763 38766 +3
==========================================
+ Hits 25358 25359 +1
- Misses 13405 13407 +2
Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here. |
I started writing the test and that was a good thing as it showed that fixing the cause of the panic lets us panic in backend_direct.rs instead which treats validation errors as fatal in queue_write_texture so that has to be fixed as well, I'll do it in a week or so. |
I also think we may have the same problem in copy_texture_*? Or do those use the right order? |
|
with large depth values in copy_size validate_linear_texture_data can run into integer overflows This is avoided by validating the copy depth before calling validate_linear_texture_data in queue_write_texture. The other two validate_linear_texture_data call sites already have the copy size validated beforehand.
641d092
to
94dc6e4
Compare
I added a commit that adds a ref to the error sink in the queue id, the same way it is done for device and similar handles, in order for relevant queue methods to be able handle errors gracefully and get the new test to pass. |
94dc6e4
to
b5fd0d3
Compare
This is allows us to make (some of) the queue methods forward errors instead of panicking.
b5fd0d3
to
c162cb5
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Great stuff, as always!
Checklist
cargo clippy
.Connections
Found by
https://bugzilla.mozilla.org/show_bug.cgi?id=1791809
Description
With large depth values in
copy_size
,validate_linear_texture_data
can run into integer overflows.This is avoided by validating the copy depth before calling
validate_linear_texture_data
inqueue_write_texture
.The other two
validate_linear_texture_data
call sites already have the copy size validated beforehand.Testing
I can add a test when I come back from vacation a week from now.