commit 48f5066cbab8c475b8eb8d7b2562cfe0cc011b96
author Michael Lentine <mlentine@google.com> Wed Oct 28 16:26:14 2015 -0700
committer Mark Lobodzinski <mark@lunarg.com> Wed Nov 04 10:23:16 2015 -0700
tree 5d02753ee940f4de7ebe53455d0ed017508548e4
parent 3dea6519b11cd76cf2dc5eec76fae0e0a43f8f2f

layers: Add map range validation.

Merge Request 52

layers/mem_tracker.cpp

diff --git a/layers/mem_tracker.cpp b/layers/mem_tracker.cpp
index 93b1d8e..4d3e566 100644
--- a/layers/mem_tracker.cpp
+++ b/layers/mem_tracker.cpp
@@ -1239,6 +1239,26 @@
     my_data->device_dispatch_table->FreeMemory(device, mem, pAllocator);
 }
 
+bool validateMemRange(
+    VkDevice        device,
+    VkDeviceMemory  mem,
+    VkDeviceSize    offset,
+    VkDeviceSize    size)
+{
+    layer_data *my_data = get_my_data_ptr(get_dispatch_key(device), layer_data_map);
+    bool skip_call = false;
+
+    auto mem_element = my_data->memObjMap.find(mem);
+    if (mem_element != my_data->memObjMap.end()) {
+        if ((offset + size) > mem_element->second.allocInfo.allocationSize) {
+            skip_call = log_msg(my_data->report_data, VK_DBG_REPORT_ERROR_BIT, VK_OBJECT_TYPE_DEVICE_MEMORY, (uint64_t) mem, 0,
+                                MEMTRACK_INVALID_MAP, "MEM", "Mapping Memory from %" PRIu64 " to %" PRIu64 " with total array size %" PRIu64,
+                                offset, size + offset, mem_element->second.allocInfo.allocationSize);
+        }
+    }
+    return skip_call;
+}
+
 VK_LAYER_EXPORT VkResult VKAPI vkMapMemory(
     VkDevice         device,
     VkDeviceMemory   mem,
@@ -1258,6 +1278,7 @@
         skipCall = log_msg(my_data->report_data, VK_DBG_REPORT_ERROR_BIT, VK_OBJECT_TYPE_DEVICE_MEMORY, (uint64_t) mem, 0, MEMTRACK_INVALID_STATE, "MEM",
                        "Mapping Memory without VK_MEMORY_PROPERTY_HOST_VISIBLE_BIT set: mem obj %#" PRIxLEAST64, (uint64_t) mem);
     }
+    skipCall |= validateMemRange(device, mem, offset, size);
     loader_platform_thread_unlock_mutex(&globalLock);
     if (VK_FALSE == skipCall) {
         result = my_data->device_dispatch_table->MapMemory(device, mem, offset, size, flags, ppData);

layers/mem_tracker.h

diff --git a/layers/mem_tracker.h b/layers/mem_tracker.h
index b638ce4..5c9887d 100644
--- a/layers/mem_tracker.h
+++ b/layers/mem_tracker.h
@@ -48,6 +48,7 @@
     MEMTRACK_INVALID_FENCE_STATE,           // Invalid Fence State signaled or used
     MEMTRACK_REBIND_OBJECT,                 // Non-sparse object bindings are immutable
     MEMTRACK_INVALID_USAGE_FLAG,            // Usage flags specified at image/buffer create conflict w/ use of object
+    MEMTRACK_INVALID_MAP,                   // Size flag specified at alloc is too small for mapping range
 } MEM_TRACK_ERROR;
 
 // MemTracker Semaphore states