Enforce size limits on struct and array declarations.
This improves error reporting by more clearly attaching the error
message to the oversized type.
Bug: chromium:1432603
Change-Id: I26511f08aff22072cf4913abf7be2c49940a732c
Reviewed-on: https://skia-review.googlesource.com/c/skia/+/671377
Reviewed-by: Ben Wagner <bungeman@google.com>
Commit-Queue: John Stiles <johnstiles@google.com>
(cherry picked from commit 1cbd33ecd73523f8d4bf88e9c5576303b39e5556)
Reviewed-on: https://skia-review.googlesource.com/c/skia/+/673918
Commit-Queue: Rakshit Sharma <sharaks@google.com>
Auto-Submit: John Stiles <johnstiles@google.com>
Reviewed-by: Rakshit Sharma <sharaks@google.com>
diff --git a/gn/sksl_tests.gni b/gn/sksl_tests.gni
index 6d8222d..c2aca55 100644
--- a/gn/sksl_tests.gni
+++ b/gn/sksl_tests.gni
@@ -190,6 +190,7 @@
"/sksl/errors/ProgramTooLarge_Globals.rts",
"/sksl/errors/ProgramTooLarge_Parameters.rts",
"/sksl/errors/ProgramTooLarge_Stack.rts",
+ "/sksl/errors/ProgramTooLarge_Struct.rts",
"/sksl/errors/PrototypeInFuncBody.rts",
"/sksl/errors/RTAdjustType.sksl",
"/sksl/errors/ReadonlyWriteonly.compute",
diff --git a/resources/sksl/errors/ProgramTooLarge_Globals.rts b/resources/sksl/errors/ProgramTooLarge_Globals.rts
index af0ad17..ee2556b 100644
--- a/resources/sksl/errors/ProgramTooLarge_Globals.rts
+++ b/resources/sksl/errors/ProgramTooLarge_Globals.rts
@@ -6,11 +6,10 @@
};
int small;
-S medium;
-S large[10];
-S extra_large[100];
-S xxl[50000];
-
+S medium[30];
+S large[50];
+S extra_large[70];
+S xxl[90];
/*%%*
global variable 'extra_large' exceeds the size limit
diff --git a/resources/sksl/errors/ProgramTooLarge_Parameters.rts b/resources/sksl/errors/ProgramTooLarge_Parameters.rts
index cced977..4e15ebd 100644
--- a/resources/sksl/errors/ProgramTooLarge_Parameters.rts
+++ b/resources/sksl/errors/ProgramTooLarge_Parameters.rts
@@ -1,11 +1,14 @@
struct S {
half4 ah4[1];
- half ah[99999];
+ half ah[99990];
half4 h4;
half h;
};
void func(int small,
+ int parameters,
+ int are,
+ int allowed,
S big_chungus,
S no_report /*we don't need to report overflows past the first*/) {}
diff --git a/resources/sksl/errors/ProgramTooLarge_Stack.rts b/resources/sksl/errors/ProgramTooLarge_Stack.rts
index 4f00436..a8f5217 100644
--- a/resources/sksl/errors/ProgramTooLarge_Stack.rts
+++ b/resources/sksl/errors/ProgramTooLarge_Stack.rts
@@ -1,12 +1,12 @@
struct S {
half4 ah4[1];
- half ah[99999];
+ half ah[99990];
half4 h4;
half h;
};
void func() {
- int small;
+ int small, variables, are, allowed;
S big_chungus;
S no_report; // we don't need to report overflows past the first
}
diff --git a/resources/sksl/errors/ProgramTooLarge_Struct.rts b/resources/sksl/errors/ProgramTooLarge_Struct.rts
new file mode 100644
index 0000000..690e1d3
--- /dev/null
+++ b/resources/sksl/errors/ProgramTooLarge_Struct.rts
@@ -0,0 +1,24 @@
+struct A {
+ int4 big[25001]; // 100,004 slots
+};
+
+struct B {
+ int4 a[12500]; // 50,000 slots
+ int b[49999]; // 99,999 slots
+ int c; // 100,000 slots
+};
+
+struct C {
+ int a[99999]; // 99,999 slots (safe)
+};
+
+struct D {
+ C a; // 99,999 slots
+ int b; // 100,000 slots
+};
+
+/*%%*
+array size is too large
+struct is too large
+struct is too large
+*%%*/
diff --git a/src/sksl/dsl/DSLType.cpp b/src/sksl/dsl/DSLType.cpp
index 6250795..d27c5c8 100644
--- a/src/sksl/dsl/DSLType.cpp
+++ b/src/sksl/dsl/DSLType.cpp
@@ -270,7 +270,7 @@
DSLType Array(const DSLType& base, int count, Position pos) {
count = base.skslType().convertArraySize(ThreadContext::Context(), pos,
- DSLExpression(count, pos).release());
+ DSLExpression(count, pos).release());
if (!count) {
return DSLType(kPoison_Type);
}
@@ -282,7 +282,7 @@
return DSLType(kPoison_Type);
}
return ThreadContext::SymbolTable()->addArrayDimension(&base.skslType(),
- SkSL::Type::kUnsizedArray);
+ SkSL::Type::kUnsizedArray);
}
DSLType StructType(std::string_view name,
diff --git a/src/sksl/ir/SkSLType.cpp b/src/sksl/ir/SkSLType.cpp
index c1f9968..0e64a64 100644
--- a/src/sksl/ir/SkSLType.cpp
+++ b/src/sksl/ir/SkSLType.cpp
@@ -12,6 +12,7 @@
#include "include/private/SkTFitsIn.h"
#include "include/sksl/SkSLErrorReporter.h"
#include "src/core/SkMathPriv.h"
+#include "src/core/SkSafeMath.h"
#include "src/sksl/SkSLBuiltinTypes.h"
#include "src/sksl/SkSLConstantFolder.h"
#include "src/sksl/SkSLContext.h"
@@ -679,6 +680,17 @@
break;
}
}
+ size_t slots = 0;
+ for (const Field& field : fields) {
+ if (field.fType->isUnsizedArray()) {
+ continue;
+ }
+ slots = SkSafeMath::Add(slots, field.fType->slotCount());
+ if (slots >= kVariableSlotLimit) {
+ context.fErrors->error(pos, "struct is too large");
+ break;
+ }
+ }
return std::make_unique<StructType>(pos, name, std::move(fields), interfaceBlock);
}
@@ -1129,8 +1141,9 @@
return true;
}
-SKSL_INT Type::convertArraySize(const Context& context, Position arrayPos,
- std::unique_ptr<Expression> size) const {
+SKSL_INT Type::convertArraySize(const Context& context,
+ Position arrayPos,
+ std::unique_ptr<Expression> size) const {
size = context.fTypes.fInt->coerceExpression(std::move(size), context);
if (!size) {
return 0;
@@ -1147,7 +1160,7 @@
context.fErrors->error(size->fPosition, "array size must be positive");
return 0;
}
- if (!SkTFitsIn<int32_t>(count)) {
+ if (SkSafeMath::Mul(this->slotCount(), count) > kVariableSlotLimit) {
context.fErrors->error(size->fPosition, "array size is too large");
return 0;
}
diff --git a/tests/sksl/errors/ProgramTooLarge_Globals.glsl b/tests/sksl/errors/ProgramTooLarge_Globals.glsl
index 406949a..ccb7706 100644
--- a/tests/sksl/errors/ProgramTooLarge_Globals.glsl
+++ b/tests/sksl/errors/ProgramTooLarge_Globals.glsl
@@ -1,6 +1,6 @@
### Compilation failed:
error: 11: global variable 'extra_large' exceeds the size limit
-S extra_large[100];
-^^^^^^^^^^^^^^^^^^
+S extra_large[70];
+^^^^^^^^^^^^^^^^^
1 error
diff --git a/tests/sksl/errors/ProgramTooLarge_Parameters.glsl b/tests/sksl/errors/ProgramTooLarge_Parameters.glsl
index d92c325..3ece6f3 100644
--- a/tests/sksl/errors/ProgramTooLarge_Parameters.glsl
+++ b/tests/sksl/errors/ProgramTooLarge_Parameters.glsl
@@ -1,6 +1,6 @@
### Compilation failed:
-error: 10: variable 'big_chungus' exceeds the stack size limit
+error: 13: variable 'big_chungus' exceeds the stack size limit
S no_report /*we don't need to report overflows past the first*/) {}
^^
1 error
diff --git a/tests/sksl/errors/ProgramTooLarge_Struct.glsl b/tests/sksl/errors/ProgramTooLarge_Struct.glsl
new file mode 100644
index 0000000..ebe47f7
--- /dev/null
+++ b/tests/sksl/errors/ProgramTooLarge_Struct.glsl
@@ -0,0 +1,12 @@
+### Compilation failed:
+
+error: 2: array size is too large
+ int4 big[25001]; // 100,004 slots
+ ^^^^^^^^^^^^^^^
+error: 5: struct is too large
+struct B {
+^^^^^^^^^^...
+error: 15: struct is too large
+struct D {
+^^^^^^^^^^...
+3 errors
diff --git a/tests/sksl/shared/Ossfuzz37900.asm.frag b/tests/sksl/shared/Ossfuzz37900.asm.frag
index 9751821..5fb2b3c 100644
--- a/tests/sksl/shared/Ossfuzz37900.asm.frag
+++ b/tests/sksl/shared/Ossfuzz37900.asm.frag
@@ -1,6 +1,6 @@
### Compilation failed:
-error: 2: variable 'a' exceeds the stack size limit
+error: 2: array size is too large
int[2147483646] a, b=a, c=a, d=a, e=a, f=a, g=a, h=a, i=a, j=a, k=a;
- ^^^^^^^^^^^^^^^^^
+ ^^^^^^^^^^^^^^^
1 error
diff --git a/tests/sksl/shared/Ossfuzz37900.glsl b/tests/sksl/shared/Ossfuzz37900.glsl
index 9751821..5fb2b3c 100644
--- a/tests/sksl/shared/Ossfuzz37900.glsl
+++ b/tests/sksl/shared/Ossfuzz37900.glsl
@@ -1,6 +1,6 @@
### Compilation failed:
-error: 2: variable 'a' exceeds the stack size limit
+error: 2: array size is too large
int[2147483646] a, b=a, c=a, d=a, e=a, f=a, g=a, h=a, i=a, j=a, k=a;
- ^^^^^^^^^^^^^^^^^
+ ^^^^^^^^^^^^^^^
1 error
diff --git a/tests/sksl/shared/Ossfuzz37900.hlsl b/tests/sksl/shared/Ossfuzz37900.hlsl
new file mode 100644
index 0000000..5fb2b3c
--- /dev/null
+++ b/tests/sksl/shared/Ossfuzz37900.hlsl
@@ -0,0 +1,6 @@
+### Compilation failed:
+
+error: 2: array size is too large
+ int[2147483646] a, b=a, c=a, d=a, e=a, f=a, g=a, h=a, i=a, j=a, k=a;
+ ^^^^^^^^^^^^^^^
+1 error
diff --git a/tests/sksl/shared/Ossfuzz37900.metal b/tests/sksl/shared/Ossfuzz37900.metal
index 9751821..5fb2b3c 100644
--- a/tests/sksl/shared/Ossfuzz37900.metal
+++ b/tests/sksl/shared/Ossfuzz37900.metal
@@ -1,6 +1,6 @@
### Compilation failed:
-error: 2: variable 'a' exceeds the stack size limit
+error: 2: array size is too large
int[2147483646] a, b=a, c=a, d=a, e=a, f=a, g=a, h=a, i=a, j=a, k=a;
- ^^^^^^^^^^^^^^^^^
+ ^^^^^^^^^^^^^^^
1 error
diff --git a/tests/sksl/shared/Ossfuzz37900.skrp b/tests/sksl/shared/Ossfuzz37900.skrp
new file mode 100644
index 0000000..e3e5897
--- /dev/null
+++ b/tests/sksl/shared/Ossfuzz37900.skrp
@@ -0,0 +1,9 @@
+### Compilation failed:
+
+error: 1: 'main' must return: 'vec4', 'float4', or 'half4'
+void main() {
+^^^^^^^^^^^
+error: 2: array size is too large
+ int[2147483646] a, b=a, c=a, d=a, e=a, f=a, g=a, h=a, i=a, j=a, k=a;
+ ^^^^^^^^^^^^^^^
+2 errors
