Google Git
Sign in
dawn / dawn / refs/heads/chromium/5418
commitc33d10ae79e5a9aa99512a7736da93039824f53b[log] [tgz]
authorBen Clayton <bclayton@google.com>Sun Nov 13 18:26:25 2022 +0000
committerDawn LUCI CQ <dawn-scoped@luci-project-accounts.iam.gserviceaccount.com>Sun Nov 13 18:26:25 2022 +0000
treef656ed62e26534a2d74e47c7a2a190889f6e39cb
parent570a0faf26679a867e80abf98fd947f53b6f0bc5 [diff]
tint/resolver: Fix bad pointer deref (UAF)

Passing a dereferenced value from Hashmap::Find() directly into Hashmap::Add() is a potential cause of UAF, as the insertion may reallocate the map, invalidating the input reference.

I'll try to think of ways to make this foot-gun harder to do, but this CL fixes the immediate bug found by fuzzers.

Bug: chromium:1383755
Change-Id: I4f8b2fcb0745b008a47ef9947c330afb9ac4e78f
Reviewed-on: https://dawn-review.googlesource.com/c/dawn/+/110020
Kokoro: Kokoro <noreply+kokoro@google.com>
Reviewed-by: James Price <jrprice@google.com>
Commit-Queue: Ben Clayton <bclayton@google.com>
8 files changed
tree: f656ed62e26534a2d74e47c7a2a190889f6e39cb
  1. .vscode/
  2. build_overrides/
  3. docs/
  4. generator/
  5. include/
  6. infra/
  7. scripts/
  8. src/
  9. test/
  10. third_party/
  11. tools/
  12. webgpu-cts/
  13. .clang-format
  14. .clang-tidy
  15. .gitattributes
  16. .gitignore
  17. .gn
  18. AUTHORS
  19. BUILD.gn
  20. CMakeLists.txt
  21. CMakeSettings.json
  22. CODE_OF_CONDUCT.md
  23. codereview.settings
  24. CONTRIBUTING.md
  25. CPPLINT.cfg
  26. dawn.json
  27. dawn_wire.json
  28. DEPS
  29. DIR_METADATA
  30. Doxyfile
  31. go.mod
  32. go.sum
  33. go_presubmit_support.py
  34. LICENSE
  35. OWNERS
  36. PRESUBMIT.py
  37. README.chromium
  38. README.md
  39. tint_overrides_with_defaults.gni
README.md

Dawn's logo: a sun rising behind a stylized mountain inspired by the WebGPU logo. The text Dawn is written below it.

Dawn, a WebGPU implementation

Dawn is an open-source and cross-platform implementation of the work-in-progress WebGPU standard. More precisely it implements webgpu.h that is a one-to-one mapping with the WebGPU IDL. Dawn is meant to be integrated as part of a larger system and is the underlying implementation of WebGPU in Chromium.

Dawn provides several WebGPU building blocks:

  • WebGPU C/C++ headers that applications and other building blocks use.
    • The webgpu.h version that Dawn implements.
    • A C++ wrapper for the webgpu.h.
  • A “native” implementation of WebGPU using platforms' GPU APIs: D3D12, Metal, Vulkan and OpenGL. See per API support for more details.
  • A client-server implementation of WebGPU for applications that are in a sandbox without access to native drivers
  • Tint is a compiler for the WebGPU Shader Language (WGSL) that can be used in standalone to convert shaders from and to WGSL.

Helpful links:

Documentation table of content

Developer documentation:

User documentation: (TODO, figure out what overlaps with the webgpu.h docs)

Status

(TODO)

License

Apache 2.0 Public License, please see LICENSE.

Disclaimer

This is not an officially supported Google product.