Out-of-bounds read in populateBufferWithCopy KhronosGroup#417

Signed-off-by: sumcai <[email protected]>
sumcai · Jul 16, 2024 · 6ad0f9e · 6ad0f9e
1 parent 5b2dfe7
commit 6ad0f9e
Showing 1 changed file with 7 additions and 7 deletions.
diff --git a/...al/vulkancts/modules/vulkan/robustness/vktRobustBufferAccessWithVariablePointersTests.cpp b/...al/vulkancts/modules/vulkan/robustness/vktRobustBufferAccessWithVariablePointersTests.cpp
@@ -102,7 +102,7 @@ typedef void (*FillBufferProcPtr)(void *, vk::VkDeviceSize, const void *const);
 void createTestBuffer(Context &context, const vk::DeviceInterface &deviceInterface, const VkDevice &device,
                       VkDeviceSize accessRange, VkBufferUsageFlags usage, SimpleAllocator &allocator,
                       Move<VkBuffer> &buffer, de::MovePtr<Allocation> &bufferAlloc, AccessRangesData &data,
-                      FillBufferProcPtr fillBufferProc, const void *const blob)
+                      FillBufferProcPtr fillBufferProc, const void *const blob, bool useAccessRange)
 {
     const VkBufferCreateInfo bufferParams = {
         VK_STRUCTURE_TYPE_BUFFER_CREATE_INFO, // VkStructureType sType;
@@ -127,9 +127,9 @@ void createTestBuffer(Context &context, const vk::DeviceInterface &deviceInterfa
     VK_CHECK(deviceInterface.bindBufferMemory(device, *buffer, bufferAlloc->getMemory(), bufferAlloc->getOffset()));
 #ifdef CTS_USES_VULKANSC
     if (context.getTestContext().getCommandLine().isSubProcess())
-        fillBufferProc(bufferAlloc->getHostPtr(), bufferMemoryReqs.size, blob);
+        fillBufferProc(bufferAlloc->getHostPtr(), useAccessRange ? accessRange : bufferMemoryReqs.size, blob);
 #else
-    fillBufferProc(bufferAlloc->getHostPtr(), bufferMemoryReqs.size, blob);
+    fillBufferProc(bufferAlloc->getHostPtr(), useAccessRange ? accessRange : bufferMemoryReqs.size, blob);
     DE_UNREF(context);
 #endif // CTS_USES_VULKANCSC
     flushMappedMemoryRange(deviceInterface, device, bufferAlloc->getMemory(), bufferAlloc->getOffset(), VK_WHOLE_SIZE);
@@ -1407,9 +1407,9 @@ AccessInstance::AccessInstance(Context &context, Move<VkDevice> device,
     }
 
     createTestBuffer(context, vk, *m_device, inBufferAccessRange, VK_BUFFER_USAGE_STORAGE_BUFFER_BIT, memAlloc,
-                     m_inBuffer, m_inBufferAlloc, m_inBufferAccess, &populateBufferWithValues, &m_bufferFormat);
+                     m_inBuffer, m_inBufferAlloc, m_inBufferAccess, &populateBufferWithValues, &m_bufferFormat, false);
     createTestBuffer(context, vk, *m_device, outBufferAccessRange, VK_BUFFER_USAGE_STORAGE_BUFFER_BIT, memAlloc,
-                     m_outBuffer, m_outBufferAlloc, m_outBufferAccess, &populateBufferWithFiller, DE_NULL);
+                     m_outBuffer, m_outBufferAlloc, m_outBufferAccess, &populateBufferWithFiller, DE_NULL, false);
 
     int32_t indices[] = {(m_accessOutOfBackingMemory && (m_bufferAccessType == BUFFER_ACCESS_TYPE_READ_FROM_STORAGE)) ?
                              static_cast<int32_t>(RobustAccessWithPointersTest::s_testArraySize) - 1 :
@@ -1420,7 +1420,7 @@ AccessInstance::AccessInstance(Context &context, Move<VkDevice> device,
                          0};
     AccessRangesData indicesAccess;
     createTestBuffer(context, vk, *m_device, 3 * sizeof(int32_t), VK_BUFFER_USAGE_UNIFORM_BUFFER_BIT, memAlloc,
-                     m_indicesBuffer, m_indicesBufferAlloc, indicesAccess, &populateBufferWithCopy, &indices);
+                     m_indicesBuffer, m_indicesBufferAlloc, indicesAccess, &populateBufferWithCopy, &indices, true);
 
     log << tcu::TestLog::Message << "input  buffer - alloc size: " << m_inBufferAccess.allocSize
         << tcu::TestLog::EndMessage;
@@ -1520,7 +1520,7 @@ AccessInstance::AccessInstance(Context &context, Move<VkDevice> device,
         };
         const VkDeviceSize vertexBufferSize = static_cast<VkDeviceSize>(sizeof(vertices));
         createTestBuffer(context, vk, *m_device, vertexBufferSize, VK_BUFFER_USAGE_VERTEX_BUFFER_BIT, memAlloc,
-                         m_vertexBuffer, m_vertexBufferAlloc, vertexAccess, &populateBufferWithCopy, &vertices);
+                         m_vertexBuffer, m_vertexBufferAlloc, vertexAccess, &populateBufferWithCopy, &vertices, true);
 
         const GraphicsEnvironment::DrawConfig drawWithOneVertexBuffer = {
             std::vector<VkBuffer>(1, *m_vertexBuffer), // std::vector<VkBuffer> vertexBuffers;