CCF_100
/
yuzu-mirror
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Merge pull request #7731 from v1993/xfb-varying-check-fix 

shader_recompiler: fix potential OOB access
master
bunnei 2022-01-21 10:45:56 +07:00 committed by GitHub
parent ef7c50b276 a943600019
commit 03cf308c16
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 8 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
src/shader_recompiler/backend/glsl/glsl_emit_context.cpp
Unescape Escape View File

@ -458,9 +458,10 @@ void EmitContext::DefineGenericOutput(size_t index, u32 invocations) {
std::string definition{fmt::format("layout(location={}", index)}; std::string definition{fmt::format("layout(location={}", index)};
const u32 remainder{4 - element}; const u32 remainder{4 - element};
const TransformFeedbackVarying* xfb_varying{}; const TransformFeedbackVarying* xfb_varying{};
if (!runtime_info.xfb_varyings.empty()) { const size_t xfb_varying_index{base_index + element};
xfb_varying = &runtime_info.xfb_varyings[base_index + element]; if (xfb_varying_index < runtime_info.xfb_varyings.size()) {
xfb_varying = xfb_varying && xfb_varying->components > 0 ? xfb_varying : nullptr; xfb_varying = &runtime_info.xfb_varyings[xfb_varying_index];
xfb_varying = xfb_varying->components > 0 ? xfb_varying : nullptr;
} }
const u32 num_components{xfb_varying ? xfb_varying->components : remainder}; const u32 num_components{xfb_varying ? xfb_varying->components : remainder};
if (element > 0) { if (element > 0) {

7
src/shader_recompiler/backend/spirv/spirv_emit_context.cpp
Unescape Escape View File

@ -164,9 +164,10 @@ void DefineGenericOutput(EmitContext& ctx, size_t index, std::optional<u32> invo
while (element < 4) { while (element < 4) {
const u32 remainder{4 - element}; const u32 remainder{4 - element};
const TransformFeedbackVarying* xfb_varying{}; const TransformFeedbackVarying* xfb_varying{};
if (!ctx.runtime_info.xfb_varyings.empty()) { const size_t xfb_varying_index{base_attr_index + element};
xfb_varying = &ctx.runtime_info.xfb_varyings[base_attr_index + element]; if (xfb_varying_index < ctx.runtime_info.xfb_varyings.size()) {
xfb_varying = xfb_varying && xfb_varying->components > 0 ? xfb_varying : nullptr; xfb_varying = &ctx.runtime_info.xfb_varyings[xfb_varying_index];
xfb_varying = xfb_varying->components > 0 ? xfb_varying : nullptr;
} }
const u32 num_components{xfb_varying ? xfb_varying->components : remainder}; const u32 num_components{xfb_varying ? xfb_varying->components : remainder};