Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 3b48e157 authored by Ian Elliott's avatar Ian Elliott
Browse files

Vulkan: Avoid buffer overflow by ignoring duplicate extensions 

For any instance extension that a Vulkan driver supports, if a
VkInstance is created with that extension listed multiple times, the
2nd-nth times should be ignored.  That avoids overwriting an array in
CreateInfoWrapper::FilterExtension().

Test: Manual testing with logcat
Bug: 288929054
Change-Id: I096a6752e0f4abef868efdb6f8b4bcbd0c0c79cd
Merged-In: I096a6752e0f4abef868efdb6f8b4bcbd0c0c79cd
parent 574ac3e2

vulkan/libvulkan/driver.cpp

+11 −0
Original line number Diff line number Diff line
@@ -763,6 +763,17 @@ void CreateInfoWrapper::FilterExtension(const char* name) { 
            continue;

        }



        // Ignore duplicate extensions (see: b/288929054)

        bool duplicate_entry = false;

        for (uint32_t j = 0; j < filter.name_count; j++) {

            if (strcmp(name, filter.names[j]) == 0) {

                duplicate_entry = true;

                break;

            }

        }

        if (duplicate_entry == true)

            continue;



        filter.names[filter.name_count++] = name;

        if (ext_bit != ProcHook::EXTENSION_UNKNOWN) {

            if (ext_bit == ProcHook::ANDROID_native_buffer)