D3D11: Add validation for storages size in updateBufferStorage
The source/dest BufferStorage objects used by updateBufferStorage
may have a null raw buffer pointer.
Add size validation to prevent null-pointer crashes.
Bug: angleproject:6235
Change-Id: I57ed1ae0e558bd2f61273c64ed067958a1603425
Reviewed-on: https://chromium-review.googlesource.com/c/angle/angle/+/3069000
Reviewed-by: Jamie Madill <jmadill@chromium.org>
Commit-Queue: Jamie Madill <jmadill@chromium.org>
diff --git a/src/libANGLE/renderer/d3d/d3d11/Buffer11.cpp b/src/libANGLE/renderer/d3d/d3d11/Buffer11.cpp
index 1e8f82b..732f86b 100644
--- a/src/libANGLE/renderer/d3d/d3d11/Buffer11.cpp
+++ b/src/libANGLE/renderer/d3d/d3d11/Buffer11.cpp
@@ -999,6 +999,11 @@
return angle::Result::Continue;
}
+ if (latestBuffer->getSize() == 0 || storage->getSize() == 0)
+ {
+ return angle::Result::Continue;
+ }
+
// Copy through a staging buffer if we're copying from or to a non-staging, mappable
// buffer storage. This is because we can't map a GPU buffer, and copy CPU
// data directly. If we're already using a staging buffer we're fine.
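Review bot: The new guard above the staging-buffer comment tests `getSize() == 0` as a stand-in for the null native buffer that the commit message names as the crash cause, and nothing in the code records that assumption. A short comment such as `// A zero-sized storage has no native buffer allocated, so there is nothing to copy.` would document it, and it is worth confirming that a non-zero size always implies a non-null buffer, since the copy path below presumably dereferences it. The early return also skips whatever follows in updateBufferStorage; if that includes marking `storage` as up to date with `latestBuffer`, the storage may stay stale and hit this path on every call, which should be confirmed. The function starts and ends outside the hunk.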
diff --git a/src/tests/angle_end2end_tests_expectations.txt b/src/tests/angle_end2end_tests_expectations.txt
index aed9360..1c1ca46 100644
--- a/src/tests/angle_end2end_tests_expectations.txt
+++ b/src/tests/angle_end2end_tests_expectations.txt
@@ -79,6 +79,7 @@
6124 MAC OPENGL : GLSLTestLoops.*ContinueInSwitch/* = SKIP
6144 MAC OPENGL : BlitFramebufferTest.BlitDepthStencilPixelByPixel/* = SKIP
1227129 MAC METAL : StateChangeTestES3.SamplerMetadataUpdateOnSetProgram/* = SKIP
+6236 MAC OPENGL : BufferDataTestES3.DrawWithNotCallingBufferData/* = SKIP
// D3D
6091 WIN D3D11 : GLSLTest_ES3.InitGlobalComplexConstant/* = SKIP
@@ -93,6 +94,7 @@
// Android
6095 ANDROID GLES : GLSLTest_ES3.InitGlobalComplexConstant/ES3_OpenGLES = SKIP
6116 ANDROID GLES : GLSLTestLoops.ForNoCondition/ES3_OpenGLES = SKIP
+6237 ANDROID GLES : BufferDataTestES3.DrawWithNotCallingBufferData/ES3_OpenGLES = SKIP
// Nexus 5X expectations.
6149 NEXUS5X GLES : GLSLTest_ES31.StructAndArrayEqualOperator/* = SKIP
diff --git a/src/tests/gl_tests/BufferDataTest.cpp b/src/tests/gl_tests/BufferDataTest.cpp
index d415c72..a4bd356 100644
--- a/src/tests/gl_tests/BufferDataTest.cpp
+++ b/src/tests/gl_tests/BufferDataTest.cpp
@@ -746,6 +746,24 @@
EXPECT_PIXEL_COLOR_EQ(3, 3, GLColor::green);
}
+// Tests a null crash bug caused by copying from null back-end buffer pointer
+// when calling bufferData again after drawing without calling bufferData in D3D11.
+TEST_P(BufferDataTestES3, DrawWithNotCallingBufferData)
+{
+ ANGLE_GL_PROGRAM(drawRed, essl3_shaders::vs::Simple(), essl3_shaders::fs::Red());
+ glUseProgram(drawRed);
+
+ GLint mem = 0;
+ GLBuffer buffer;
+ glBindBuffer(GL_ARRAY_BUFFER, buffer);
+ glEnableVertexAttribArray(0);
+ glVertexAttribPointer(0, 4, GL_FLOAT, GL_FALSE, 0, 0);
+ glDrawArrays(GL_TRIANGLES, 0, 3);
+ glBindBuffer(GL_COPY_WRITE_BUFFER, buffer);
+ glBufferData(GL_COPY_WRITE_BUFFER, 1, &mem, GL_STREAM_DRAW);
+ ASSERT_GL_NO_ERROR();
+}
+
// Tests a bug where copying buffer data immediately after creation hit a nullptr in D3D11.
TEST_P(BufferDataTestES3, NoBufferInitDataCopyBug)
{
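Review bot: In DrawWithNotCallingBufferData the only check is the final `ASSERT_GL_NO_ERROR();`, so an error raised by `glDrawArrays` on a buffer with no data store cannot be told apart from one raised by the later `glBufferData`. Adding `ASSERT_GL_NO_ERROR();` directly after `glDrawArrays(GL_TRIANGLES, 0, 3);` would pin down which call failed. The draw fetches three vertices from a buffer that has no storage, which presumably relies on the implementation's out-of-bounds read handling. The same commit skips the test on MAC OPENGL and ANDROID GLES, so a comment stating the expected behaviour of that draw would help. The trailing context lines belong to NoBufferInitDataCopyBug, whose body continues outside the hunk.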