lee/renderdoc
1
0
Fork 0
mirror of https://github.com/baldurk/renderdoc.git synced 2026-05-06 01:50:38 +00:00
Code Issues Packages Projects Releases Wiki Activity

Fix crash fetching data with an offset larger than the buffer size

Browse Source
This commit is contained in:
baldurk
2016-08-22 10:07:04 +02:00
parent 21a5bfd55a
commit d632bc7ba8
3 changed files with 27 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files
renderdoc/driver/d3d11/d3d11_debug.cpp
+8 -1
View File
@@ -1990,6 +1990,12 @@ void D3D11DebugManager::GetBufferData(ID3D11Buffer *buffer, uint64_t offset, uin
D3D11_BUFFER_DESC desc;
buffer->GetDesc(&desc);
if(offs >= desc.ByteWidth)
{
// can't read past the end of the buffer, return empty
return;
}
if(len == 0)
{
len = desc.ByteWidth - offs;
@@ -1997,7 +2003,8 @@ void D3D11DebugManager::GetBufferData(ID3D11Buffer *buffer, uint64_t offset, uin
if(len > 0 && offs + len > desc.ByteWidth)
{
RDCWARN("Attempting to read off the end of the array. Will be clamped");
RDCWARN("Attempting to read off the end of the buffer (%llu %llu). Will be clamped (%u)",
offset, length, desc.ByteWidth);
len = RDCMIN(len, desc.ByteWidth - offs);
}
renderdoc/driver/gl/gl_replay.cpp
+5 -4
View File
@@ -369,12 +369,13 @@ void GLReplay::GetBufferData(ResourceId buff, uint64_t offset, uint64_t len, vec
uint64_t bufsize = buf.size;
if(len > 0 && offset + len > buf.size)
if(len > 0 && offset + len > bufsize)
{
RDCWARN("Attempting to read off the end of the array. Will be clamped");
RDCWARN("Attempting to read off the end of the buffer (%llu %llu). Will be clamped (%llu)",
offset, len, bufsize);
if(offset < buf.size)
len = ~0ULL; // min below will clamp to max size size
if(offset < bufsize)
len = ~0ULL; // min below will clamp to max size
else
return; // offset past buffer size, return empty array
}
renderdoc/driver/vulkan/vk_debug.cpp
+14 -5
View File
@@ -3334,15 +3334,24 @@ void VulkanDebugManager::GetBufferData(ResourceId buff, uint64_t offset, uint64_
return;
}
if(len == 0)
uint64_t bufsize = m_pDriver->m_CreationInfo.m_Buffer[buff].size;
if(offset >= bufsize)
{
len = m_pDriver->m_CreationInfo.m_Buffer[buff].size - offset;
// can't read past the end of the buffer, return empty
return;
}
if(len > 0 && VkDeviceSize(offset + len) > m_pDriver->m_CreationInfo.m_Buffer[buff].size)
if(len == 0)
{
RDCWARN("Attempting to read off the end of the array. Will be clamped");
len = RDCMIN(len, m_pDriver->m_CreationInfo.m_Buffer[buff].size - offset);
len = bufsize - offset;
}
if(len > 0 && VkDeviceSize(offset + len) > bufsize)
{
RDCWARN("Attempting to read off the end of the buffer (%llu %llu). Will be clamped (%llu)",
offset, len, bufsize);
len = RDCMIN(len, bufsize - offset);
}
ret.resize((size_t)len);