lee/renderdoc
1
0
Fork 0
mirror of https://github.com/baldurk/renderdoc.git synced 2026-05-13 05:20:45 +00:00
Code Issues Packages Projects Releases Wiki Activity

Fix out of bounds array or iterator accesses

Browse Source
This commit is contained in:
baldurk
2024-10-04 10:32:32 +01:00
parent cb1a2926fa
commit 8f88f1d125
5 changed files with 15 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files
renderdoc/driver/gl/gl_shader_refl.cpp
+1 -1
View File
@@ -800,7 +800,7 @@ void ReconstructVarTree(GLenum query, GLuint sepProg, GLuint varIdx, GLint numPa
int32_t c = values[1] - 1;
// trim off trailing [0] if it's an array
if(var.name[c - 3] == '[' && var.name[c - 2] == '0' && var.name[c - 1] == ']')
if(var.name.size() > 3 && var.name[c - 3] == '[' && var.name[c - 2] == '0' && var.name[c - 1] == ']')
var.name.resize(c - 3);
else
var.type.elements = 1;
renderdoc/driver/shaders/dxbc/dxbc_container.cpp
+1 -1
View File
@@ -2531,7 +2531,7 @@ float4 main(float3 input : INPUT) : SV_Target0
}
}
bool dwordLength[15] = {};
bool dwordLength[16] = {};
for(rdcstr snippet : snippets)
{
renderdoc/driver/shaders/dxil/llvm_bitwriter.h
+8 -5
View File
@@ -223,11 +223,14 @@ private:
// how many remaining bits are there in the next byte
const size_t remainingBits = bufBitSize - 8;
buf++;
b = *buf;
// mask as necessary
if(remainingBits < 8)
b &= (1 << remainingBits) - 1;
if(remainingBits > 0)
{
buf++;
b = *buf;
// mask as necessary
if(remainingBits < 8)
b &= (1 << remainingBits) - 1;
}
}
bufBitSize -= 8;
renderdoc/driver/vulkan/vk_postvs.cpp
+3
View File
@@ -6393,6 +6393,9 @@ void VulkanReplay::InitPostVSBuffers(const rdcarray<uint32_t> &events)
break;
}
if(first >= events.size())
return;
// first we must replay up to the first event without replaying it. This ensures any
// non-command buffer calls like memory unmaps etc all happen correctly before this
// command buffer
renderdoc/driver/vulkan/vk_shaderdebug.cpp
+2 -1
View File
@@ -1612,7 +1612,8 @@ private:
// lower_bound puts us at the same or next item. Since we want the buffer that contains
// this address, we go to the previous iter unless we're already on the first or
// it's an exact match
if(address != it->first && it != m_Creation.m_BufferAddresses.begin())
if(it == m_Creation.m_BufferAddresses.end() ||
(address != it->first && it != m_Creation.m_BufferAddresses.begin()))
it--;
// use the index in the map as a unique buffer identifier that's not 64-bit
bind.arrayElement = uint32_t(it - m_Creation.m_BufferAddresses.begin());