diff options
| author | Charles Giessen <charles@lunarg.com> | 2021-11-15 15:50:36 -0700 |
|---|---|---|
| committer | Charles Giessen <46324611+charles-lunarg@users.noreply.github.com> | 2021-11-15 18:02:45 -0700 |
| commit | 8d361dd235db4296236f1deb5a7525f104d68b71 (patch) | |
| tree | 8693eb7e86bfe995728e6bf112975c3c68358d86 /scripts/vulkaninfo_generator.py | |
| parent | 691252756218fcbd1f0f8d7cc14e753123f08940 (diff) | |
| download | usermoji-8d361dd235db4296236f1deb5a7525f104d68b71.tar.xz | |
vulkaninfo: Prevent drivers writing out of bounds
The structure VkPhysicalDeviceShaderIntegerDotProdcutFeaturesKHR contains only a single
feature boolean flag. However, before the final version was published to the public, it
had many boolean flag values. Pre-release drivers often contain support for unpublished
extensions, such as VK_KHR_shader_integer_dot_product. Because the final version was
much smaller than the pre-release version, several drivers try to write to members that
do not exist in the final version, which cause out of bounds writes to the features struct
that vulkaninfo passes into the driver.
By increasing the size of the features struct allocation manually, we can prevent potential
crashes from OOBs writes from drivers.
Diffstat (limited to 'scripts/vulkaninfo_generator.py')
| -rw-r--r-- | scripts/vulkaninfo_generator.py | 9 |
1 files changed, 8 insertions, 1 deletions
diff --git a/scripts/vulkaninfo_generator.py b/scripts/vulkaninfo_generator.py index 0dbb4276..ceea1962 100644 --- a/scripts/vulkaninfo_generator.py +++ b/scripts/vulkaninfo_generator.py @@ -605,7 +605,14 @@ def PrintChainBuilders(listName, structures, all_structures): if s.name in structures: out += AddGuardHeader(s) if s.sTypeName is not None: - out += f" {{{s.sTypeName}, sizeof({s.name})}},\n" + out += f" {{{s.sTypeName}, sizeof({s.name})" + # Specific versions of drivers have an incorrect definition of the size of this struct. + # We need to artificially increase it just so the driver doesn't write 'out of bounds' and cause + # difficult to debug crashes. This bug comes from the in-development version of the extension having + # a larger size than the final version, so older drivers try to writ to members which don't exist. + if s.sTypeName == "VK_STRUCTURE_TYPE_PHYSICAL_DEVICE_SHADER_INTEGER_DOT_PRODUCT_FEATURES_KHR": + out += " + 256" # Really make sure a driver wont write out of bounds + out += f"}},\n" out += AddGuardFooter(s) out += f" }};\n" return out |