rooty/dxvk
1
0
Fork 0
mirror of https://github.com/doitsujin/dxvk.git synced 2025-01-07 16:46:17 +01:00
Code Issues Projects Releases Wiki Activity

[d3d11] Validate indirect draw buffer size

Browse Source 
Otherwise, if the draw parameter offset is out of bounds, we
may hang the GPU.

Fixes #2286.
This commit is contained in:
Philip Rebohle 2021-09-11 19:38:24 +02:00
parent 3c7e5c9300
commit de7fb51e64
No known key found for this signature in database
GPG Key ID: C8CC613427A31C99
2 changed files with 15 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
src/d3d11/d3d11_context.cpp
View File

@ -1289,6 +1289,9 @@ namespace dxvk {
D3D10DeviceLock lock = LockContext(); D3D10DeviceLock lock = LockContext();
SetDrawBuffers(pBufferForArgs, nullptr); SetDrawBuffers(pBufferForArgs, nullptr);
if (!ValidateDrawBufferSize(pBufferForArgs, AlignedByteOffsetForArgs, sizeof(VkDrawIndexedIndirectCommand)))
return;
// If possible, batch up multiple indirect draw calls of // If possible, batch up multiple indirect draw calls of
// the same type into one single multiDrawIndirect call // the same type into one single multiDrawIndirect call
auto cmdData = static_cast<D3D11CmdDrawIndirectData*>(m_cmdData); auto cmdData = static_cast<D3D11CmdDrawIndirectData*>(m_cmdData);
@ -1320,6 +1323,9 @@ namespace dxvk {
D3D10DeviceLock lock = LockContext(); D3D10DeviceLock lock = LockContext();
SetDrawBuffers(pBufferForArgs, nullptr); SetDrawBuffers(pBufferForArgs, nullptr);
if (!ValidateDrawBufferSize(pBufferForArgs, AlignedByteOffsetForArgs, sizeof(VkDrawIndirectCommand)))
return;
// If possible, batch up multiple indirect draw calls of // If possible, batch up multiple indirect draw calls of
// the same type into one single multiDrawIndirect call // the same type into one single multiDrawIndirect call
auto cmdData = static_cast<D3D11CmdDrawIndirectData*>(m_cmdData); auto cmdData = static_cast<D3D11CmdDrawIndirectData*>(m_cmdData);

9
src/d3d11/d3d11_context.h
View File

@ -958,6 +958,15 @@ namespace dxvk {
return stride >= minStride && stride <= 32 ? stride : 0; return stride >= minStride && stride <= 32 ? stride : 0;
} }
static bool ValidateDrawBufferSize(ID3D11Buffer* pBuffer, UINT Offset, UINT Size) {
UINT bufferSize = 0;
if (likely(pBuffer != nullptr))
bufferSize = static_cast<D3D11Buffer*>(pBuffer)->Desc()->ByteWidth;
return bufferSize >= Offset + Size;
}
template<typename Cmd> template<typename Cmd>
void EmitCs(Cmd&& command) { void EmitCs(Cmd&& command) {
m_cmdData = nullptr; m_cmdData = nullptr;