From d711604ec71004f47d2527b279ed5cc0d7681557 Mon Sep 17 00:00:00 2001
From: Mark Lobodzinski <mark@lunarg.com>
Date: Fri, 14 Oct 2016 10:59:27 -0600
Subject: layers: GH1055, Add bounds checks for CmdCopyImage

Added missing bounds-checking code.

Change-Id: Ia65b8bb22e6c580c3ebbb26409ddfbf5dcb683b6
---
 layers/image.cpp | 23 ++++++++++++++++++++++-
 1 file changed, 22 insertions(+), 1 deletion(-)

(limited to 'layers/image.cpp')

diff --git a/layers/image.cpp b/layers/image.cpp
index 472de933..ef3ddb11 100644
--- a/layers/image.cpp
+++ b/layers/image.cpp
@@ -730,7 +730,28 @@ static bool region_intersects(const VkImageCopy *src, const VkImageCopy *dst, Vk
 static bool exceeds_bounds(const VkOffset3D *offset, const VkExtent3D *extent, const IMAGE_STATE *image) {
     bool result = false;
     // Extents/depths cannot be negative but checks left in for clarity
-
+    switch (image->imageType) {
+    case VK_IMAGE_TYPE_3D: // Validate z and depth
+        if ((offset->z + extent->depth > image->extent.depth) || (offset->z < 0) ||
+            ((offset->z + static_cast<int32_t>(extent->depth)) < 0)) {
+            result = true;
+        }
+        // Intentionally fall through to 2D case to check height
+    case VK_IMAGE_TYPE_2D: // Validate y and height
+        if ((offset->y + extent->height > image->extent.height) || (offset->y < 0) ||
+            ((offset->y + static_cast<int32_t>(extent->height)) < 0)) {
+            result = true;
+        }
+        // Intentionally fall through to 1D case to check width
+    case VK_IMAGE_TYPE_1D: // Validate x and width
+        if ((offset->x + extent->width > image->extent.width) || (offset->x < 0) ||
+            ((offset->x + static_cast<int32_t>(extent->width)) < 0)) {
+            result = true;
+        }
+        break;
+    default:
+        assert(false);
+    }
     return result;
 }
 
-- 
cgit v1.2.3