From f009860528254c5ef820d95de7affcca70a9c7c3 Mon Sep 17 00:00:00 2001 From: Nicolas Silva Date: Wed, 13 Jul 2022 18:34:36 +0200 Subject: [PATCH] Validate the range in map_async. (#2876) * Validate the range in map_async. * Add an entry in the changelog. --- CHANGELOG.md | 1 + wgpu-core/src/device/mod.rs | 8 ++++++++ 2 files changed, 9 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index af9d771b2b..cc8603217c 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -49,6 +49,7 @@ Bottom level categories: - `get_texture_format_features` only lists the COPY_* usages if the adapter actually supports that usage by @cwfitzgerald in [#2856](https://github.com/gfx-rs/wgpu/pull/2856) - Fix bind group / pipeline deduplication not taking into account RenderBundle execution resetting these values by @shoebe [#2867](https://github.com/gfx-rs/wgpu/pull/2867) - Fix panics that occur when using `as_hal` functions when the hal generic type does not match the hub being looked up in by @i509VCB [#2871](https://github.com/gfx-rs/wgpu/pull/2871) +- Add some validation in map_async by @nical in [#2876](https://github.com/gfx-rs/wgpu/pull/2876) #### DX12 - `DownlevelCapabilities::default()` now returns the `ANISOTROPIC_FILTERING` flag set to true so DX12 lists `ANISOTROPIC_FILTERING` as true again by @cwfitzgerald in [#2851](https://github.com/gfx-rs/wgpu/pull/2851) diff --git a/wgpu-core/src/device/mod.rs b/wgpu-core/src/device/mod.rs index 68a012eced..d132b7f419 100644 --- a/wgpu-core/src/device/mod.rs +++ b/wgpu-core/src/device/mod.rs @@ -5354,6 +5354,14 @@ impl Global { .map_err(|_| resource::BufferAccessError::Invalid)?; check_buffer_usage(buffer.usage, pub_usage)?; + + if range.end > buffer.size { + return Err(resource::BufferAccessError::OutOfBoundsOverrun { + index: range.end, + max: buffer.size, + }); + } + buffer.map_state = match buffer.map_state { resource::BufferMapState::Init { .. } | resource::BufferMapState::Active { .. } => { return Err(resource::BufferAccessError::AlreadyMapped);