layers: Avoid reading pointer to array when count is zero

Take for example VkSubmitInfo. It has, amongst others, two fields: waitSemaphoreCount and pWaitSemaphores. The specification states that if waitSemaphoreCount is zero, the application may leave pWaitSemaphores uninitialized (in essence, that field is ignored). The layers read that value anyway, triggering uninitialized read errors by memory sanitization tools. Fixes uninitialized read in QueueSubmitSemaphoresAndLayoutTracking.
author: Gabríel Arthúr Pétursson <gabriel@system.is> 2018-03-21 22:44:11 +0000
committer: Dave Houlton <daveh@lunarg.com> 2018-04-04 16:16:14 -0600
commit: 90605a51d8197d87f9b280d99c9da5e1627f0977 (patch)
tree: 0e27ddc22fc25c5eee3231ffd0139a6f5cedf738 /scripts
parent: e86bb48e0aa57fb85865447c8d573cc724d71920 (diff)
download: usermoji-90605a51d8197d87f9b280d99c9da5e1627f0977.tar.xz
2 files changed, 2 insertions, 6 deletions
diff --git a/scripts/object_tracker_generator.py b/scripts/object_tracker_generator.py
index 00b9bcd6..5130e0f4 100644
--- a/scripts/object_tracker_generator.py
+++ b/scripts/object_tracker_generator.py
@@ -744,15 +744,11 @@ class ObjectTrackerOutputGenerator(OutputGenerator):
             commonparent_vuid_string = 'VUID-%s-commonparent' % parent_name
             parent_vuid = self.GetVuid(commonparent_vuid_string)
         if obj_count is not None:
-            pre_call_code += '%s    if (%s%s) {\n' % (indent, prefix, obj_name)
-            indent = self.incIndent(indent)
             pre_call_code += '%s    for (uint32_t %s = 0; %s < %s; ++%s) {\n' % (indent, index, index, obj_count, index)
             indent = self.incIndent(indent)
             pre_call_code += '%s    skip |= ValidateObject(%s, %s%s[%s], %s, %s, %s, %s);\n' % (indent, disp_name, prefix, obj_name, index, self.GetVulkanObjType(obj_type), null_allowed, param_vuid, parent_vuid)
             indent = self.decIndent(indent)
             pre_call_code += '%s    }\n' % indent
-            indent = self.decIndent(indent)
-            pre_call_code += '%s    }\n' % indent
         else:
             pre_call_code += '%s    skip |= ValidateObject(%s, %s%s, %s, %s, %s, %s);\n' % (indent, disp_name, prefix, obj_name, self.GetVulkanObjType(obj_type), null_allowed, param_vuid, parent_vuid)
         return decl_code, pre_call_code, post_call_code
diff --git a/scripts/parameter_validation_generator.py b/scripts/parameter_validation_generator.py
index ecb98ffa..44c65765 100644
--- a/scripts/parameter_validation_generator.py
+++ b/scripts/parameter_validation_generator.py
@@ -873,14 +873,14 @@ class ParameterValidationOutputGenerator(OutputGenerator):
                 # If count and array parameters are optional, there will be no validation
                 if valueRequired == 'true' or lenPtrRequired == 'true' or lenValueRequired == 'true':
                     # When the length parameter is a pointer, there is an extra Boolean parameter in the function call to indicate if it is required
-                    checkExpr.append('skip |= validate_array(local_data->report_data, "{}", {ppp}"{ldn}"{pps}, {ppp}"{dn}"{pps}, {pf}{ln}, {pf}{vn}, {}, {}, {}, {}, {});\n'.format(
+                    checkExpr.append('skip |= validate_array(local_data->report_data, "{}", {ppp}"{ldn}"{pps}, {ppp}"{dn}"{pps}, {pf}{ln}, &{pf}{vn}, {}, {}, {}, {}, {});\n'.format(
                         funcPrintName, lenPtrRequired, lenValueRequired, valueRequired, count_required_vuid, array_required_vuid, ln=lenValue.name, ldn=lenPrintName, dn=valuePrintName, vn=value.name, pf=prefix, **postProcSpec))
             # This is an array with an integer count value
             else:
                 # If count and array parameters are optional, there will be no validation
                 if valueRequired == 'true' or lenValueRequired == 'true':
                     if value.type != 'char':
-                        checkExpr.append('skip |= validate_array(local_data->report_data, "{}", {ppp}"{ldn}"{pps}, {ppp}"{dn}"{pps}, {pf}{ln}, {pf}{vn}, {}, {}, {}, {});\n'.format(
+                        checkExpr.append('skip |= validate_array(local_data->report_data, "{}", {ppp}"{ldn}"{pps}, {ppp}"{dn}"{pps}, {pf}{ln}, &{pf}{vn}, {}, {}, {}, {});\n'.format(
                             funcPrintName, lenValueRequired, valueRequired, count_required_vuid, array_required_vuid, ln=lenValue.name, ldn=lenPrintName, dn=valuePrintName, vn=value.name, pf=prefix, **postProcSpec))
                     else:
                         # Arrays of strings receive special processing
author	Gabríel Arthúr Pétursson <gabriel@system.is>	2018-03-21 22:44:11 +0000
committer	Dave Houlton <daveh@lunarg.com>	2018-04-04 16:16:14 -0600
commit	90605a51d8197d87f9b280d99c9da5e1627f0977 (patch)
tree	0e27ddc22fc25c5eee3231ffd0139a6f5cedf738 /scripts
parent	e86bb48e0aa57fb85865447c8d573cc724d71920 (diff)
download	usermoji-90605a51d8197d87f9b280d99c9da5e1627f0977.tar.xz