gpu: Validate dma-buf size during Vulkan image import [chromium/src : main]
0 views
Skip to first unread message
Tzarial (Gerrit)
May 19, 2026, 12:10:42 PM (5 days ago) May 19
to Colin Blundell, Chromium LUCI CQ, chromium...@chromium.org, alexmo...@chromium.org, cblume...@chromium.org, creis...@chromium.org, navigation...@chromium.org, ozone-...@chromium.org, penghuan...@chromium.org
Attention needed from Colin Blundell
Tzarial added 1 comment![]( "Open in Gerrit")
Patchset-level comments
Related details
Attention is currently required from:
- Colin Blundell
Submit Requirements:
Code-Coverage
Code-Owners
Code-Review
Review-Enforcement
| Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings. |
Colin Blundell (Gerrit)
May 19, 2026, 12:55:11 PM (5 days ago) May 19
to Tzarial, Vasiliy Telezhnikov, Chromium LUCI CQ, chromium...@chromium.org, alexmo...@chromium.org, cblume...@chromium.org, creis...@chromium.org, navigation...@chromium.org, ozone-...@chromium.org, penghuan...@chromium.org, Colin Blundell
Attention needed from Tzarial and Vasiliy Telezhnikov
Colin Blundell added 1 comment![]( "Open in Gerrit")
Patchset-level comments
Colin Blundell . resolved
Thanks! -> vasilyt@ for greater expertise in this domain
Related details
Attention is currently required from:
- Tzarial
- Vasiliy Telezhnikov
Submit Requirements:
Code-Coverage
Code-Owners
Code-Review
Review-Enforcement
| Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings. |
Vasiliy Telezhnikov (Gerrit)
May 19, 2026, 1:05:32 PM (5 days ago) May 19
to Tzarial, Chromium LUCI CQ, chromium...@chromium.org, alexmo...@chromium.org, cblume...@chromium.org, creis...@chromium.org, navigation...@chromium.org, ozone-...@chromium.org, penghuan...@chromium.org
Attention needed from Tzarial
Vasiliy Telezhnikov added 3 comments![]( "Open in Gerrit")
File content/browser/renderer_host/render_process_host_impl.cc
Line 1744, Patchset 1 (Latest):
/*enable_extra_handles_validation=*/true, GetUIThreadTaskRunner({}));Vasiliy Telezhnikov . unresolved
This will break chrome os and linux. There is reason why we added this bool and not just turned the validation everywhere and it is because we don't know the memory layout that fd points to, so knowing format+size is not enough to validate the file descriptor size.
File gpu/vulkan/vulkan_image_linux.cc
Line 76, Patchset 1 (Latest):
base::CheckedNumeric<uint64_t> min_required = size.width();Vasiliy Telezhnikov . unresolved
Not sure I understood the logic here. This checks that fd has size that is at least width*height bytes, while we know that in most cases we'd need more? How does this help?
If the assumption that we need _at least_ this amount, it's not true either in general case, it can be smaller.
File ui/gfx/native_pixmap_handle.cc
Line 188, Patchset 1 (Latest):
if (static_cast<uint64_t>(fd_size) < handle.planes[i].size) {Vasiliy Telezhnikov . unresolved
This can't work because we don't know the size unfortunately. On ChromeOS is might be somewhat usable, it's completely made up number on linux.
Related details
Attention is currently required from:
- Tzarial
Submit Requirements:
Code-Coverage
Code-Owners
Code-Review
No-Unresolved-Comments
Review-Enforcement
| Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings. |
Reply all
Reply to author
Forward
0 new messages