Quick fix to resolve a heap corruption in shader translator.

For the long run, we should modify the ANGLE interface to also return size for mapped_name, so we can just construct the string with a size parameter. BUG=110559 TEST=test in the bug tracker, no more heap corruption R=gman Review URL: https://chromiumcodereview.appspot.com/9113066 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@119172 0039d316-1c4b-4281-b951-d872f2087c98
author: zmo@chromium.org <zmo@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> 2012-01-26 01:53:33 +0000
committer: zmo@chromium.org <zmo@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> 2012-01-26 01:53:33 +0000
commit: 0f23fd7440d40e701c1dc455f41dc3127f71cb02 (patch)
tree: 08b9a0513b301bc2c3096e4e5c432bfa9721b942
parent: 8df3e8d369726024ed7d5fbd601c0176b9dd6465 (diff)
download: chromium_src-0f23fd7440d40e701c1dc455f41dc3127f71cb02.zip
chromium_src-0f23fd7440d40e701c1dc455f41dc3127f71cb02.tar.gz
chromium_src-0f23fd7440d40e701c1dc455f41dc3127f71cb02.tar.bz2
1 files changed, 12 insertions, 4 deletions
diff --git a/gpu/command_buffer/service/shader_translator.cc b/gpu/command_buffer/service/shader_translator.cc
index 6c1269f..63f1457 100644
--- a/gpu/command_buffer/service/shader_translator.cc
+++ b/gpu/command_buffer/service/shader_translator.cc
@@ -1,4 +1,4 @@
-// Copyright (c) 2011 The Chromium Authors. All rights reserved.
+// Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
@@ -44,22 +44,30 @@ void GetVariableInfo(ShHandle compiler, ShShaderInfo var_type,
   int num_vars = 0;
   ShGetInfo(compiler, var_type, &num_vars);
   for (int i = 0; i < num_vars; ++i) {
+    int len = 0;
     int size = 0;
     ShDataType type = SH_NONE;
 
     switch (var_type) {
       case SH_ACTIVE_ATTRIBUTES:
         ShGetActiveAttrib(
-            compiler, i, NULL, &size, &type, name.get(), mapped_name.get());
+            compiler, i, &len, &size, &type, name.get(), mapped_name.get());
         break;
       case SH_ACTIVE_UNIFORMS:
         ShGetActiveUniform(
-            compiler, i, NULL, &size, &type, name.get(), mapped_name.get());
+            compiler, i, &len, &size, &type, name.get(), mapped_name.get());
         break;
       default: NOTREACHED();
     }
 
-    ShaderTranslator::VariableInfo info(type, size, name.get());
+    // In theory we should CHECK(len <= name_len - 1) here, but ANGLE needs
+    // to handle long struct field name mapping before we can do this.
+    // Also, we should modify the ANGLE interface to also return a length
+    // for mapped_name.
+    std::string name_string(name.get(), std::min(len, name_len - 1));
+    mapped_name.get()[mapped_name_len - 1] = '\0';
+
+    ShaderTranslator::VariableInfo info(type, size, name_string);
     (*var_map)[mapped_name.get()] = info;
   }
 }
author	zmo@chromium.org <zmo@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>	2012-01-26 01:53:33 +0000
committer	zmo@chromium.org <zmo@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>	2012-01-26 01:53:33 +0000
commit	0f23fd7440d40e701c1dc455f41dc3127f71cb02 (patch)
tree	08b9a0513b301bc2c3096e4e5c432bfa9721b942
parent	8df3e8d369726024ed7d5fbd601c0176b9dd6465 (diff)
download	chromium_src-0f23fd7440d40e701c1dc455f41dc3127f71cb02.zip chromium_src-0f23fd7440d40e701c1dc455f41dc3127f71cb02.tar.gz chromium_src-0f23fd7440d40e701c1dc455f41dc3127f71cb02.tar.bz2