diff options
author | kkinnunen <kkinnunen@nvidia.com> | 2015-02-19 06:32:12 -0800 |
---|---|---|
committer | Commit bot <commit-bot@chromium.org> | 2015-02-19 06:32:12 -0800 |
commit | 297aaf97a32ac16a2bc3f4bbc231d5de859ac02d (patch) | |
tree | f0166b204555a6137b31c4cbc89fb4c4cd47e0f2 | |
parent | f421ec6cc9c8f32d717b9b1df71fd9e79817a16c (diff) |
Avoid wrong memory access due to double substitution and %%
Use the form SkDebugf("%s", arbitraryString) instead of
SkDebugf(arbitraryString).
Fixes the case where SkString::appendf-ing a string with "%%" and then
printing the string with SkDebugf would cause uninitialized read and
corrupted debug print.
ninja -C out/Debug tools && valgrind --leak-check=full
./out/Debug/render_pictures --config gpu -w q -r ...
...
==7307== Conditional jump or move depends on uninitialised value(s)
==7307== at 0x6908475: __printf_fp (printf_fp.c:1180)
==7307== by 0x6904267: vfprintf (vfprintf.c:1629)
==7307== by 0x6906E53: buffered_vfprintf (vfprintf.c:2313)
==7307== by 0x690188D: vfprintf (vfprintf.c:1316)
==7307== by 0x67E8F5: SkDebugf(char const*, ...) (SkDebug_stdio.cpp:18)
==7307== by 0x7983F1: GrContext::printCacheStats() const (GrTest.cpp:54)
==7307== by 0x408ECF: tool_main(int, char**) (render_pictures_main.cpp:480)
==7307== by 0x40913E: main (render_pictures_main.cpp:511)
==7307==
Budget: 2048 items 100663296 bytes
Entry Count: current 652 (651 budgeted, 0 wrapped, 297 locked, 638 scratch 32 0.000000ull), high 652
Entry Bytes: current 51087658 (budgeted 49826658, 49 0.000000ull, 1261000 unbudgeted) high 51087658
(observe "ull" instead of "% full")
(from mtklein)
This CL is not editing public API.
TBR=reed@google.com
Review URL: https://codereview.chromium.org/943453002
-rw-r--r-- | include/utils/SkDebugUtils.h | 6 | ||||
-rw-r--r-- | src/gpu/GrTest.cpp | 4 | ||||
-rw-r--r-- | src/gpu/gl/GrGLGpu.cpp | 2 | ||||
-rw-r--r-- | src/gpu/gl/builders/GrGLProgramBuilder.cpp | 2 | ||||
-rw-r--r-- | src/gpu/gl/builders/GrGLShaderStringBuilder.cpp | 4 | ||||
-rw-r--r-- | tests/PathOpsExtendedTest.cpp | 2 | ||||
-rwxr-xr-x | tests/PathOpsSkpClipTest.cpp | 2 | ||||
-rw-r--r-- | tests/skia_test.cpp | 2 | ||||
-rw-r--r-- | tools/render_pictures_main.cpp | 2 |
9 files changed, 13 insertions, 13 deletions
diff --git a/include/utils/SkDebugUtils.h b/include/utils/SkDebugUtils.h index 2fa6d41313..fe276019ba 100644 --- a/include/utils/SkDebugUtils.h +++ b/include/utils/SkDebugUtils.h @@ -23,7 +23,7 @@ inline void SkDebugDumpMathematica( const T val ) { template<class T> inline void SkDebugDumpMathematica(const char *name, const T *array, int size) { - SkDebugf(name); + SkDebugf("%s", name); SkDebugf(" = {"); for (int i=0 ; i < size ; i++) { SkDebugDumpMathematica<T>(array[i]); @@ -34,7 +34,7 @@ inline void SkDebugDumpMathematica(const char *name, const T *array, int size) { template<class T> inline void SkDebugDumpMathematica(const char *name, const T *array, int width, int height) { - SkDebugf(name); + SkDebugf("%s", name); SkDebugf(" = {\n"); for (int i=0 ; i < height ; i++) { SkDebugf(" {"); @@ -54,7 +54,7 @@ inline void SkDebugDumpMathematica(const char *name, const T *array, int width, template<class T> inline void SkDebugDumpMathematica( const char *name, const T val ) { - SkDebugf(name); + SkDebugf("%s", name); SkDebugf(" = "); SkDebugDumpMathematica<T>(val); SkDebugf(";\n"); diff --git a/src/gpu/GrTest.cpp b/src/gpu/GrTest.cpp index ba9278ed50..8df59ff574 100644 --- a/src/gpu/GrTest.cpp +++ b/src/gpu/GrTest.cpp @@ -51,7 +51,7 @@ void GrContext::dumpCacheStats(SkString* out) const { void GrContext::printCacheStats() const { SkString out; this->dumpCacheStats(&out); - SkDebugf(out.c_str()); + SkDebugf("%s", out.c_str()); } void GrContext::dumpGpuStats(SkString* out) const { @@ -63,7 +63,7 @@ void GrContext::dumpGpuStats(SkString* out) const { void GrContext::printGpuStats() const { SkString out; this->dumpGpuStats(&out); - SkDebugf(out.c_str()); + SkDebugf("%s", out.c_str()); } #if GR_GPU_STATS diff --git a/src/gpu/gl/GrGLGpu.cpp b/src/gpu/gl/GrGLGpu.cpp index 5813d5d0f6..5a861d4923 100644 --- a/src/gpu/gl/GrGLGpu.cpp +++ b/src/gpu/gl/GrGLGpu.cpp @@ -141,7 +141,7 @@ GrGLGpu::GrGLGpu(const GrGLContext& ctx, GrContext* context) SkDebugf("------ EXTENSIONS\n"); ctx.extensions().print(); SkDebugf("\n"); - SkDebugf(this->glCaps().dump().c_str()); + SkDebugf("%s", this->glCaps().dump().c_str()); } fProgramCache = SkNEW_ARGS(ProgramCache, (this)); diff --git a/src/gpu/gl/builders/GrGLProgramBuilder.cpp b/src/gpu/gl/builders/GrGLProgramBuilder.cpp index 5a623033fb..6c8eae191d 100644 --- a/src/gpu/gl/builders/GrGLProgramBuilder.cpp +++ b/src/gpu/gl/builders/GrGLProgramBuilder.cpp @@ -458,7 +458,7 @@ bool GrGLProgramBuilder::checkLinkStatus(GrGLuint programID) { infoLen+1, &length, (char*)log.get())); - SkDebugf((char*)log.get()); + SkDebugf("%s", (char*)log.get()); } SkDEBUGFAIL("Error linking program"); GL_CALL(DeleteProgram(programID)); diff --git a/src/gpu/gl/builders/GrGLShaderStringBuilder.cpp b/src/gpu/gl/builders/GrGLShaderStringBuilder.cpp index 59e0cd8978..b123c035cd 100644 --- a/src/gpu/gl/builders/GrGLShaderStringBuilder.cpp +++ b/src/gpu/gl/builders/GrGLShaderStringBuilder.cpp @@ -71,7 +71,7 @@ GrGLuint GrGLCompileAndAttachShader(const GrGLContext& glCtx, // buffer param validation. GrGLsizei length = GR_GL_INIT_ZERO; GR_GL_CALL(gli, GetShaderInfoLog(shaderId, infoLen+1, &length, (char*)log.get())); - SkDebugf(GrGLSLPrettyPrint::PrettyPrintGLSL(strings, lengths, count, true).c_str()); + SkDebugf("%s", GrGLSLPrettyPrint::PrettyPrintGLSL(strings, lengths, count, true).c_str()); SkDebugf("\n%s", log.get()); } SkDEBUGFAIL("Shader compilation failed!"); @@ -81,7 +81,7 @@ GrGLuint GrGLCompileAndAttachShader(const GrGLContext& glCtx, } if (c_PrintShaders) { - SkDebugf(GrGLSLPrettyPrint::PrettyPrintGLSL(strings, lengths, count, true).c_str()); + SkDebugf("%s", GrGLSLPrettyPrint::PrettyPrintGLSL(strings, lengths, count, true).c_str()); SkDebugf("\n"); } diff --git a/tests/PathOpsExtendedTest.cpp b/tests/PathOpsExtendedTest.cpp index 73a23872f8..e0d30ba0b3 100644 --- a/tests/PathOpsExtendedTest.cpp +++ b/tests/PathOpsExtendedTest.cpp @@ -443,7 +443,7 @@ bool testSimplify(SkPath& path, bool useXor, SkPath& out, PathOpsThreadState& st } const char testFunction[] = "testSimplify(reporter, path);"; outputToStream(pathStr, pathPrefix, nameSuffix, testFunction, false, stream); - SkDebugf(temp); + SkDebugf("%s", temp); REPORTER_ASSERT(state.fReporter, 0); } state.fReporter->bumpTestCount(); diff --git a/tests/PathOpsSkpClipTest.cpp b/tests/PathOpsSkpClipTest.cpp index 99a5030b56..3cc788f13c 100755 --- a/tests/PathOpsSkpClipTest.cpp +++ b/tests/PathOpsSkpClipTest.cpp @@ -1086,7 +1086,7 @@ int tool_main(int argc, char** argv) { if (FLAGS_verbose) { header.appendf("\n"); } - SkDebugf(header.c_str()); + SkDebugf("%s", header.c_str()); Iter iter; Test* test; while ((test = iter.next()) != NULL) { diff --git a/tests/skia_test.cpp b/tests/skia_test.cpp index 2aca99d4a1..74029d457b 100644 --- a/tests/skia_test.cpp +++ b/tests/skia_test.cpp @@ -164,7 +164,7 @@ int test_main() { if (FLAGS_veryVerbose) { header.appendf("\n"); } - SkDebugf(header.c_str()); + SkDebugf("%s", header.c_str()); } diff --git a/tools/render_pictures_main.cpp b/tools/render_pictures_main.cpp index 11c640fdc2..16963dd3cf 100644 --- a/tools/render_pictures_main.cpp +++ b/tools/render_pictures_main.cpp @@ -399,7 +399,7 @@ static int process_input(const char* input, const SkString* writePath, } else { SkString warning; warning.printf("Warning: skipping %s\n", input); - SkDebugf(warning.c_str()); + SkDebugf("%s", warning.c_str()); } return failures; } |