From 98c8d7b7cfbe7dc66a87bbe8fda56d855053d7cd Mon Sep 17 00:00:00 2001
From: Lina Versace
Date: Tue, 20 Jun 2023 16:43:46 -0700
Subject: [PATCH] venus: Fix detection of push descriptor set

- Fix null deref. VkPipelineLayoutCreateInfo::pSetLayouts is allowed to contain VK_NULL_HANDLE.
- The loop 'break' was misplaced.

Fixes crash in dEQP-VK.pipeline.pipeline_library.graphics_library.fast.0_00_11_11 after VK_EXT_graphics_pipeline_library is enabled in a later patch.

Fixes: 91966f2eff1 ("venus: extend lifetime of push descriptor set layout")
Signed-off-by: Lina Versace
Reviewed-by: Yiwei Zhang
Reviewed-by: Dawn Han
Part-of:
---
 src/virtio/vulkan/vn_pipeline.c | 15 +++++++++++++--
 1 file changed, 13 insertions(+), 2 deletions(-)

diff --git a/src/virtio/vulkan/vn_pipeline.c b/src/virtio/vulkan/vn_pipeline.c
index 192ca54768e..b2124da82ce 100644
--- a/src/virtio/vulkan/vn_pipeline.c
+++ b/src/virtio/vulkan/vn_pipeline.c
@@ -126,11 +126,22 @@ vn_CreatePipelineLayout(VkDevice device,
 for (uint32_t i = 0; i < pCreateInfo->setLayoutCount; i++) {
 struct vn_descriptor_set_layout *descriptor_set_layout =
 vn_descriptor_set_layout_from_handle(pCreateInfo->pSetLayouts[i]);
- if (descriptor_set_layout->is_push_descriptor) {
+
+ /* Avoid null derefs. pSetLayouts may contain VK_NULL_HANDLE.
+ *
+ * From the Vulkan 1.3.254 spec:
+ * VUID-VkPipelineLayoutCreateInfo-pSetLayouts-parameter
+ *
+ * If setLayoutCount is not 0, pSetLayouts must be a valid pointer to
+ * an array of setLayoutCount valid or VK_NULL_HANDLE
+ * VkDescriptorSetLayout handles
+ */
+ if (descriptor_set_layout &&
+ descriptor_set_layout->is_push_descriptor) {
 layout->push_descriptor_set_layout =
 vn_descriptor_set_layout_ref(dev, descriptor_set_layout);
+ break;
 }
- break;
 }

 layout->has_push_constant_ranges = pCreateInfo->pPushConstantRanges > 0;
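Review bot: The last context line of this hunk, `layout->has_push_constant_ranges = pCreateInfo->pPushConstantRanges > 0;`, still derives the flag from an application-supplied pointer, using a relational comparison against 0, instead of from the range count. The Vulkan spec only requires pPushConstantRanges to be valid when pushConstantRangeCount is non-zero, so a stale non-NULL pointer with a count of 0 would set the flag; what later code does with the flag is outside the hunk, so the impact is unconfirmed. Since this commit already hardens the function against spec-legal inputs, consider `layout->has_push_constant_ranges = pCreateInfo->pushConstantRangeCount > 0;`. vn_CreatePipelineLayout starts and ends outside the hunk.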