DawnWireAndFrontendFuzzer: skip SwapChainBuilderSetImplementation
SetImplementation takes a pointer and would be shimmed by browsers so we
skip the call in the fuzzer, otherwise we'd dereference arbitrary
pointers.
BUG=chromium:906391
Change-Id: I61d8d729d3fb242e8ddf7452a88a653e05a82cc2
Reviewed-on: https://dawn-review.googlesource.com/c/2562
Reviewed-by: Dan Sinclair <dsinclair@google.com>
Reviewed-by: Kai Ninomiya <kainino@chromium.org>
Commit-Queue: Corentin Wallez <cwallez@chromium.org>
diff --git a/src/fuzzers/DawnWireServerAndFrontendFuzzer.cpp b/src/fuzzers/DawnWireServerAndFrontendFuzzer.cpp
index 7a993df..f677892 100644
--- a/src/fuzzers/DawnWireServerAndFrontendFuzzer.cpp
+++ b/src/fuzzers/DawnWireServerAndFrontendFuzzer.cpp
@@ -35,8 +35,14 @@
std::vector<char> buf;
};
+void SkipSwapChainBuilderSetImplementation(dawnSwapChainBuilder builder, uint64_t) {
+}
+
extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
dawnProcTable procs = dawn_native::GetProcs();
+ // SwapChainSetImplementation receives a pointer, skip calls to it as they would be intercepted
+ // in embedders or dawn_wire too.
+ procs.swapChainBuilderSetImplementation = SkipSwapChainBuilderSetImplementation;
dawnSetProcs(&procs);
dawn::Device nullDevice = dawn::Device::Acquire(dawn_native::null::CreateDevice());
