From 36f4432351b3986751d030d7a5e44b360b2fac56 Mon Sep 17 00:00:00 2001 From: baldurk Date: Fri, 23 Feb 2024 14:09:40 +0000 Subject: [PATCH] Calculate tighter bounds for data copied in D3D11 initial states * This can be a problem since copying by pitch * count can slightly over-read if the pitch is larger than a row or slice, potentially reading into unmapped pages. --- renderdoc/driver/d3d11/d3d11_initstate.cpp | 18 ++++++++++++++++-- 1 file changed, 16 insertions(+), 2 deletions(-) diff --git a/renderdoc/driver/d3d11/d3d11_initstate.cpp b/renderdoc/driver/d3d11/d3d11_initstate.cpp index a31e3c0c7..2a58260ee 100644 --- a/renderdoc/driver/d3d11/d3d11_initstate.cpp +++ b/renderdoc/driver/d3d11/d3d11_initstate.cpp @@ -696,7 +696,13 @@ bool WrappedID3D11Device::Serialise_InitialState(SerialiserType &ser, ResourceId { SubresourceContents = mapped.pData; RowPitch = mapped.RowPitch; - ContentsLength = RowPitch * numRows; + + const uint32_t rowLength = GetByteSize(desc.Width, 1, 1, desc.Format, mip); + + RDCASSERT(RowPitch >= rowLength); + + ContentsLength = RowPitch * (RDCMAX(1U, numRows) - 1); + ContentsLength += rowLength; } } @@ -878,8 +884,16 @@ bool WrappedID3D11Device::Serialise_InitialState(SerialiserType &ser, ResourceId SubresourceContents = mapped.pData; RowPitch = mapped.RowPitch; DepthPitch = mapped.DepthPitch; + + const uint32_t numSlices = RDCMAX(1U, desc.Depth >> mip); + const uint32_t rowLength = GetByteSize(desc.Width, 1, 1, desc.Format, mip); + + RDCASSERT(RowPitch >= rowLength); RDCASSERT(DepthPitch >= RowPitch * numRows); - ContentsLength = DepthPitch * RDCMAX(1U, desc.Depth >> mip); + + ContentsLength = DepthPitch * (RDCMAX(1U, numSlices) - 1); + ContentsLength += RowPitch * (RDCMAX(1U, numRows) - 1); + ContentsLength += rowLength; } }