commit b639e68495ae732faaa81d5ed85584f39ff6e580
author Yan <shaobo.yan@intel.com> Fri Nov 15 09:32:56 2019 +0000
committer Commit Bot service account <commit-bot@chromium.org> Fri Nov 15 09:32:56 2019 +0000
tree afd5d7cd967108fe0d86e2948fe57cd12073a448
parent 9b67273de9e57ac5aa2b3d37a60dd270ec09e973

Add large buffer to handle super large data block commands

TerribleCommandBuffer has space for 10,000,000 bytes worth of commands. If
commands contain super large data block (e.g. setsubdata), it will
return nullptr and crash dawn wire layer.

This patch adds a large buffer to handle super large data block.

BUG=dawn:251

Change-Id: Ib007e92b5282afbb93aef63cfffe5a3965f6d5c1
Reviewed-on: https://dawn-review.googlesource.com/c/dawn/+/13040
Reviewed-by: Corentin Wallez <cwallez@chromium.org>
Reviewed-by: Austin Eng <enga@chromium.org>
Commit-Queue: Corentin Wallez <cwallez@chromium.org>

src/utils/TerribleCommandBuffer.cpp

diff --git a/src/utils/TerribleCommandBuffer.cpp b/src/utils/TerribleCommandBuffer.cpp
index 77f86ec..aa0bc8c 100644
--- a/src/utils/TerribleCommandBuffer.cpp
+++ b/src/utils/TerribleCommandBuffer.cpp
@@ -34,26 +34,71 @@
         //   (Here and/or in the caller?) It might be good to make the wire receiver get a nullptr
         //   instead of pointer to zero-sized allocation in mBuffer.
 
+        // Cannot have commands in mBuffer and mLargeBuffer at same time.
+        ASSERT(mOffset == 0 || mLargeBufferCmdSize == 0);
+
         if (size > sizeof(mBuffer)) {
-            return nullptr;
+            // Flush current cmds in mBuffer to keep order.
+            if (mOffset > 0) {
+                if (!Flush()) {
+                    return nullptr;
+                }
+                return GetCmdSpace(size);
+            }
+
+            // Resize large buffer to the size that can
+            // contain incoming command if needed.
+            if (mLargeBuffer.size() < size) {
+                mLargeBuffer.resize(size);
+            }
+
+            // Record whole cmd space.
+            mLargeBufferCmdSize = size;
+
+            return mLargeBuffer.data();
         }
 
-        char* result = &mBuffer[mOffset];
-        mOffset += size;
-
-        if (mOffset > sizeof(mBuffer)) {
+        // Trigger flush if large buffer contain cmds.
+        if (mLargeBufferCmdSize > 0) {
             if (!Flush()) {
                 return nullptr;
             }
             return GetCmdSpace(size);
         }
 
+        // Need to flush large buffer first.
+        ASSERT(mLargeBufferCmdSize == 0);
+
+        char* result = &mBuffer[mOffset];
+
+        if (sizeof(mBuffer) - size < mOffset) {
+            if (!Flush()) {
+                return nullptr;
+            }
+            return GetCmdSpace(size);
+        }
+
+        mOffset += size;
+
         return result;
     }
 
     bool TerribleCommandBuffer::Flush() {
-        bool success = mHandler->HandleCommands(mBuffer, mOffset) != nullptr;
+        // Cannot have commands in mBuffer and mLargeBuffer at same time.
+        ASSERT(mOffset == 0 || mLargeBufferCmdSize == 0);
+
+        bool success = false;
+        // Big buffer not empty, flush it!
+        if (mLargeBufferCmdSize > 0) {
+            success = mHandler->HandleCommands(mLargeBuffer.data(), mLargeBufferCmdSize) != nullptr;
+            // Clear big command buffers.
+            mLargeBufferCmdSize = 0;
+            return success;
+        }
+
+        success = mHandler->HandleCommands(mBuffer, mOffset) != nullptr;
         mOffset = 0;
+
         return success;
     }