Add artificial limits to the total memory allocated by the NULL backend.
Fuzzer tests were capable of allocating very large chunks of memory by
calling glBufferData with a null pointer. This sets a limit beyond which the
NULL backend starts returning out-of-memory GL errors.
BUG=602737
Change-Id: Ic53ebcf999f951b96c1df82e4db57e949d03c908
Reviewed-on: https://chromium-review.googlesource.com/441184
Commit-Queue: Geoff Lang <geofflang@chromium.org>
Reviewed-by: Jamie Madill <jmadill@chromium.org>
diff --git a/src/libANGLE/renderer/null/DisplayNULL.cpp b/src/libANGLE/renderer/null/DisplayNULL.cpp
index 7596f1b..1caa7c8 100644
--- a/src/libANGLE/renderer/null/DisplayNULL.cpp
+++ b/src/libANGLE/renderer/null/DisplayNULL.cpp
@@ -30,11 +30,16 @@
egl::Error DisplayNULL::initialize(egl::Display *display)
{
mDevice = new DeviceNULL();
+
+ constexpr size_t kMaxTotalAllocationSize = 1 << 28; // 256MB
+ mAllocationTracker.reset(new AllocationTrackerNULL(kMaxTotalAllocationSize));
+
return egl::NoError();
}
void DisplayNULL::terminate()
{
+ mAllocationTracker.reset();
SafeDelete(mDevice);
}
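Review bot: The tracker created by `mAllocationTracker.reset(new AllocationTrackerNULL(kMaxTotalAllocationSize))` is handed to contexts as a raw pointer in createContext (`mAllocationTracker.get()`, second hunk) and destroyed in terminate(), so any ContextNULL still alive after terminate() would hold a dangling pointer; the display presumably tears contexts down first, but that ordering is not visible here and is worth stating. I would add above the reset in initialize: `// Owned by the display; contexts receive a non-owning pointer and must not outlive terminate().` The constant's comment gives only the value, so expanding it to `// Cap on total bytes the NULL backend may allocate; past this, allocations fail with out-of-memory GL errors instead of exhausting the host (BUG=602737).` records why the cap exists. Writing the literal as `size_t{1} << 28` also makes the shift's type match the constant, though at 28 bits the int shift is not itself a problem.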
@@ -168,7 +173,7 @@
ContextImpl *DisplayNULL::createContext(const gl::ContextState &state)
{
- return new ContextNULL(state);
+ return new ContextNULL(state, mAllocationTracker.get());
}
StreamProducerImpl *DisplayNULL::createStreamProducerD3DTextureNV12(