Cherry pick PR #7360: BACKPORT: Don't set dirty bits for attribs that are out of range. #7369
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
) This CL backports https://chromium-review.googlesource.com/c/angle/angle/+/5008034 to address an out-of-bounds access bug. I did some minor modifications to resolve conflict. Some of the upstream code has been moving around, for example FrontendFeatures_autogen.h is in include/platform/autogen/FrontendFeatures_autogen.h in the upstream. And in Context.cpp, it calls caps->maxVertexAttributes and there are some dependency on other PR, I keep the minimum change, and fix it by directly call mState.mCaps.maxVertexAttributes. Bug: 437918195 Original commit description: PrivateState::setAllDirtyBits sets all bits in mDirtyCurrentValues. When the context has fewer max attibutes than MAX_VERTEX_ATTRIBS, this can cause out-of-bounds access to PrivateState::mVertexAttribCurrentValues if the dirty bits are iterated over without range validation. (cherry picked from commit 388ac44)
|
Caution There were merge conflicts while cherry picking! Check out cherry-pick-26.android-7360 and fix the conflicts before proceeding. Check the log at https://github.com/youtube/cobalt/actions/runs/18052806236 for details. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Refer to the original PR: #7360
This CL backports https://chromium-review.googlesource.com/c/angle/angle/+/5008034 to address an out-of-bounds access bug.
I did some minor modifications to resolve conflict. Some of the upstream code has been moving around, for example FrontendFeatures_autogen.h is in include/platform/autogen/FrontendFeatures_autogen.h in the upstream. And in Context.cpp, it calls caps->maxVertexAttributes and there are some dependency on other PR, I keep the minimum change, and fix it by directly call mState.mCaps.maxVertexAttributes.
Bug: 437918195
Original commit description:
PrivateState::setAllDirtyBits sets all bits in mDirtyCurrentValues. When the context has fewer max attibutes than MAX_VERTEX_ATTRIBS, this can cause out-of-bounds access to
PrivateState::mVertexAttribCurrentValues if the dirty bits are iterated over without range validation.