Fix a NULL dereference on buffer initialization.

In some cases, where the user would create a buffer with NULL (empty) data, we would attempt to dereference NULL when drawing with the buffer as a vertex attribute. BUG=angle:749 Change-Id: Ied5ecbab4608c85890cdf7cc32a8dae46989e33b Reviewed-on: https://chromium-review.googlesource.com/219090 Tested-by: Jamie Madill <jmadill@chromium.org> Reviewed-by: Shannon Woods <shannonwoods@chromium.org>
author: Jamie Madill <jmadill@chromium.org> 2014-09-19 13:17:51 -0400
committer: Jamie Madill <jmadill@chromium.org> 2014-09-19 18:50:53 +0000
commit: ee009b8ee5f35dc6cca44a30d4d6c9c65cfdb0a7 (patch)
tree: 0ebeb9afb7ef8cab7effee83a553f615ba7a944e
parent: 2f06dbfb3f4bd815a3fe5b52638b091c1e356a04 (diff)
download: angle-ee009b8ee5f35dc6cca44a30d4d6c9c65cfdb0a7.tar.gz
4 files changed, 27 insertions, 0 deletions
diff --git a/src/libGLESv2/renderer/d3d/MemoryBuffer.cpp b/src/libGLESv2/renderer/d3d/MemoryBuffer.cpp
index 301bbe8d..2b5b09a3 100644
--- a/src/libGLESv2/renderer/d3d/MemoryBuffer.cpp
+++ b/src/libGLESv2/renderer/d3d/MemoryBuffer.cpp
@@ -5,6 +5,7 @@
 //
 
 #include "libGLESv2/renderer/d3d/MemoryBuffer.h"
+#include "common/debug.h"
 
 #include <algorithm>
 #include <cstdlib>
@@ -66,6 +67,7 @@ const uint8_t *MemoryBuffer::data() const
 
 uint8_t *MemoryBuffer::data()
 {
+    ASSERT(mData);
     return mData;
 }
 
diff --git a/src/libGLESv2/renderer/d3d/MemoryBuffer.h b/src/libGLESv2/renderer/d3d/MemoryBuffer.h
index 2484c074..c65f79fe 100644
--- a/src/libGLESv2/renderer/d3d/MemoryBuffer.h
+++ b/src/libGLESv2/renderer/d3d/MemoryBuffer.h
@@ -21,6 +21,7 @@ class MemoryBuffer
 
     bool resize(size_t size);
     size_t size() const;
+    bool empty() const { return mSize == 0; }
 
     const uint8_t *data() const;
     uint8_t *data();
diff --git a/src/libGLESv2/renderer/d3d/d3d11/Buffer11.cpp b/src/libGLESv2/renderer/d3d/d3d11/Buffer11.cpp
index c612ddd0..43ce5ba8 100644
--- a/src/libGLESv2/renderer/d3d/d3d11/Buffer11.cpp
+++ b/src/libGLESv2/renderer/d3d/d3d11/Buffer11.cpp
@@ -233,6 +233,17 @@ void *Buffer11::getData()
 
     mReadUsageCount = 0;
 
+    // Only happens if we initialized the buffer with no data (NULL)
+    if (mResolvedData.empty())
+    {
+        if (!mResolvedData.resize(mSize))
+        {
+            return gl::error(GL_OUT_OF_MEMORY, (void*)NULL);
+        }
+    }
+
+    ASSERT(mResolvedData.size() >= mSize);
+
     return mResolvedData.data();
 }
 
diff --git a/tests/angle_tests/BufferDataTest.cpp b/tests/angle_tests/BufferDataTest.cpp
index 41c00950..c566a85b 100644
--- a/tests/angle_tests/BufferDataTest.cpp
+++ b/tests/angle_tests/BufferDataTest.cpp
@@ -114,6 +114,19 @@ TEST_F(BufferDataTest, ZeroNonNULLData)
     delete [] zeroData;
 }
 
+TEST_F(BufferDataTest, NULLResolvedData)
+{
+    glBindBuffer(GL_ARRAY_BUFFER, mBuffer);
+    glBufferData(GL_ARRAY_BUFFER, 128, NULL, GL_DYNAMIC_DRAW);
+
+    glUseProgram(mProgram);
+    glVertexAttribPointer(mAttribLocation, 1, GL_FLOAT, GL_FALSE, 4, NULL);
+    glEnableVertexAttribArray(mAttribLocation);
+    glBindBuffer(GL_ARRAY_BUFFER, 0);
+
+    drawQuad(mProgram, "position", 0.5f);
+}
+
 TEST_F(BufferDataTest, HugeSetDataShouldNotCrash)
 {
     glBindBuffer(GL_ARRAY_BUFFER, mBuffer);
author	Jamie Madill <jmadill@chromium.org>	2014-09-19 13:17:51 -0400
committer	Jamie Madill <jmadill@chromium.org>	2014-09-19 18:50:53 +0000
commit	ee009b8ee5f35dc6cca44a30d4d6c9c65cfdb0a7 (patch)
tree	0ebeb9afb7ef8cab7effee83a553f615ba7a944e
parent	2f06dbfb3f4bd815a3fe5b52638b091c1e356a04 (diff)
download	angle-ee009b8ee5f35dc6cca44a30d4d6c9c65cfdb0a7.tar.gz