fix(ext/webgpu): bounds-check + view-aware setBindGroup Uint32Array fast path (#33980)

lunadogbot · bartlomieju · crowlKats · web-flow · commit 35d3602a963f · 2026-06-09T11:30:01.000+02:00
The `Uint32Array` fast path of `setBindGroup` in `compute_pass.rs`, `render_pass.rs` and `render_bundle.rs` had two related bugs (#33956): 1. `&data[start..(start + len)]` sliced unchecked. An out-of-range length panicked inside the op's `extern "C"` callback, and the panic crossed the C ABI as a process abort — six lines of JS could kill a running runtime. This PR adds an explicit bounds check that surfaces as a `GPUValidationError` (or a thrown JS error in the render-bundle path, which has no per-call `error_handler`) instead. 2. `uint_32.buffer(scope).data()` + `ab.byte_length() / 4` walked the backing `ArrayBuffer` and ignored the typed-array view's `byteOffset` and `length`. A `Uint32Array(buf, byteOffset > 0, …)` fed `wgpu_core` the wrong window with no error surfaced — silently incorrect rendering / compute results. The slice is now constructed from `byte_offset()` + `length()`. Adds a regression test (gated on `!isCIWithoutGPU`, like the other webgpu tests) that: - calls `setBindGroup(…, new Uint32Array(4), 0, 1_000_000)` against both a `ComputePass` (expects a validation error in the device error scope) and a `RenderBundleEncoder` (expects a thrown JS error), and - confirms a well-formed call still works. `deno fmt --check` and `deno lint` are clean on the changed files; the Rust changes will get their fmt/clippy from CI. Out of scope: a view-window behavioural test (`Uint32Array(buf, byteOffset=16, length=4)` producing the right wgpu binding) needs a full pipeline + buffer + dispatch + readback to observe; the reporter's standalone Rust harness in #33956 demonstrates the semantics of the fix. Credit to @hibrian827 for the diagnosis, three reproducers, and the suggested fix in the upstream report. Fixes #33956. @bartlomieju --- 🤖 Filed by `agor` (worker `work2-2`, bot `lunadogbot`). Tracking claim: bartlomieju/orchid-inbox#24. (Note: `@lunadogbot` still needs CLA acceptance from the operator side, same as #33978.) --------- Signed-off-by: lunadogbot <lunadogbot@users.noreply.github.com> Co-authored-by: lunadogbot <lunadogbot@users.noreply.github.com> Co-authored-by: Bartek Iwańczuk <biwanczuk@gmail.com> Co-authored-by: Leo Kettmeir <crowlkats@toaxl.com>
diff --git a/ext/webgpu/compute_pass.rs b/ext/webgpu/compute_pass.rs
@@ -14,6 +14,7 @@ use deno_core::webidl::WebIdlConverter;
 use deno_core::webidl::WebIdlError;
 
 use crate::Instance;
+use crate::error::GPUError;
 use crate::error::GPUGenericError;
 
 pub struct GPUComputePassEncoder {
@@ -186,15 +187,39 @@ impl GPUComputePassEncoder {
         },
       )? as usize;
 
+      let view_byte_offset = uint_32.byte_offset();
+      let view_len = uint_32.length();
+
+      // Validate `start..start+len` against the **view** length, not the
+      // backing buffer's length. Without this check, `&data[start..end]`
+      // below would panic on out-of-range input; the panic crosses the
+      // op's `extern "C"` boundary and aborts the process. See #33956.
+      let Some(end) = start.checked_add(len).filter(|end| *end <= view_len)
+      else {
+        self.error_handler.push_error(Some(GPUError::Validation(format!(
+          "{PREFIX}: dynamicOffsetsDataStart + dynamicOffsetsDataLength ({start} + {len}) is outside the bounds of dynamicOffsetsData (length {view_len})",
+        ))));
+        return Ok(());
+      };
+
       let ab = uint_32.buffer(scope).unwrap();
       let ptr = ab.data().unwrap();
-      let ab_len = ab.byte_length() / 4;
 
-      // SAFETY: compute_pass_set_bind_group internally calls extend_from_slice with this slice
-      let data =
-        unsafe { std::slice::from_raw_parts(ptr.as_ptr() as _, ab_len) };
+      // SAFETY: `ptr` is the start of the backing ArrayBuffer's data; the
+      // Uint32Array constructor guarantees `byte_offset + view_len * 4`
+      // fits within `byte_length`, so the resulting slice covers exactly
+      // the view's window. `data` is dropped at the end of this call;
+      // `ab` keeps the backing buffer alive for that duration.
+      // compute_pass_set_bind_group internally calls extend_from_slice
+      // with this slice.
+      let data = unsafe {
+        std::slice::from_raw_parts(
+          (ptr.as_ptr() as *const u8).add(view_byte_offset) as *const u32,
+          view_len,
+        )
+      };
 
-      let offsets = &data[start..(start + len)];
+      let offsets = &data[start..end];
 
       self
         .instance
diff --git a/ext/webgpu/render_bundle.rs b/ext/webgpu/render_bundle.rs
@@ -185,15 +185,36 @@ impl GPURenderBundleEncoder {
         },
       )? as usize;
 
+      let view_byte_offset = uint_32.byte_offset();
+      let view_len = uint_32.length();
+
+      // Validate `start..start+len` against the **view** length, not the
+      // backing buffer's length. Without this check, `&data[start..end]`
+      // below would panic on out-of-range input; the panic crosses the
+      // op's `extern "C"` boundary and aborts the process. See #33956.
+      let Some(end) = start.checked_add(len).filter(|end| *end <= view_len)
+      else {
+        return Err(JsErrorBox::generic(format!(
+          "{PREFIX}: dynamicOffsetsDataStart + dynamicOffsetsDataLength ({start} + {len}) is outside the bounds of dynamicOffsetsData (length {view_len})",
+        )).into());
+      };
+
       let ab = uint_32.buffer(scope).unwrap();
       let ptr = ab.data().unwrap();
-      let ab_len = ab.byte_length() / 4;
-
-      // SAFETY: created from an array buffer, slice is dropped at end of function call
-      let data =
-        unsafe { std::slice::from_raw_parts(ptr.as_ptr() as _, ab_len) };
 
-      let offsets = &data[start..(start + len)];
+      // SAFETY: `ptr` is the start of the backing ArrayBuffer's data; the
+      // Uint32Array constructor guarantees `byte_offset + view_len * 4`
+      // fits within `byte_length`, so the resulting slice covers exactly
+      // the view's window. `data` is dropped at the end of this call;
+      // `ab` keeps the backing buffer alive for that duration.
+      let data = unsafe {
+        std::slice::from_raw_parts(
+          (ptr.as_ptr() as *const u8).add(view_byte_offset) as *const u32,
+          view_len,
+        )
+      };
+
+      let offsets = &data[start..end];
 
       // SAFETY: wgpu FFI call
       unsafe {
diff --git a/ext/webgpu/render_pass.rs b/ext/webgpu/render_pass.rs
@@ -19,6 +19,7 @@ use deno_core::webidl::WebIdlError;
 
 use crate::Instance;
 use crate::buffer::GPUBuffer;
+use crate::error::GPUError;
 use crate::error::GPUGenericError;
 use crate::render_bundle::GPURenderBundle;
 use crate::texture::GPUTexture;
@@ -261,15 +262,37 @@ impl GPURenderPassEncoder {
         },
       )? as usize;
 
+      let view_byte_offset = uint_32.byte_offset();
+      let view_len = uint_32.length();
+
+      // Validate `start..start+len` against the **view** length, not the
+      // backing buffer's length. Without this check, `&data[start..end]`
+      // below would panic on out-of-range input; the panic crosses the
+      // op's `extern "C"` boundary and aborts the process. See #33956.
+      let Some(end) = start.checked_add(len).filter(|end| *end <= view_len)
+      else {
+        self.error_handler.push_error(Some(GPUError::Validation(format!(
+          "{PREFIX}: dynamicOffsetsDataStart + dynamicOffsetsDataLength ({start} + {len}) is outside the bounds of dynamicOffsetsData (length {view_len})",
+        ))));
+        return Ok(());
+      };
+
       let ab = uint_32.buffer(scope).unwrap();
       let ptr = ab.data().unwrap();
-      let ab_len = ab.byte_length() / 4;
 
-      // SAFETY: created from an array buffer, slice is dropped at end of function call
-      let data =
-        unsafe { std::slice::from_raw_parts(ptr.as_ptr() as _, ab_len) };
+      // SAFETY: `ptr` is the start of the backing ArrayBuffer's data; the
+      // Uint32Array constructor guarantees `byte_offset + view_len * 4`
+      // fits within `byte_length`, so the resulting slice covers exactly
+      // the view's window. `data` is dropped at the end of this call;
+      // `ab` keeps the backing buffer alive for that duration.
+      let data = unsafe {
+        std::slice::from_raw_parts(
+          (ptr.as_ptr() as *const u8).add(view_byte_offset) as *const u32,
+          view_len,
+        )
+      };
 
-      let offsets = &data[start..(start + len)];
+      let offsets = &data[start..end];
 
       self
         .instance
diff --git a/tests/unit/webgpu_test.ts b/tests/unit/webgpu_test.ts
@@ -810,6 +810,65 @@ Deno.test({
   device.destroy();
 });
 
+// Regression test for https://github.com/denoland/deno/issues/33956.
+// Before the fix, the Uint32Array fast path of setBindGroup sliced the
+// backing ArrayBuffer with an unchecked `&data[start..start+len]`. An
+// out-of-range length panicked inside the op's `extern "C"` callback,
+// which crosses the C ABI as a process abort. After the fix, the
+// bounds-check surfaces a GPUValidationError instead.
+Deno.test({
+  permissions: { read: true, env: true },
+  ignore: isWsl || isCIWithoutGPU,
+}, async function webgpuSetBindGroupBoundsCheck() {
+  const adapter = await navigator.gpu.requestAdapter();
+  assert(adapter);
+  const device = await adapter.requestDevice();
+
+  const layout = device.createBindGroupLayout({ entries: [] });
+  const bg = device.createBindGroup({ layout, entries: [] });
+
+  // ComputePass.setBindGroup: out-of-range len pushes a validation
+  // error instead of aborting the process.
+  {
+    const encoder = device.createCommandEncoder();
+    const pass = encoder.beginComputePass();
+    device.pushErrorScope("validation");
+    pass.setBindGroup(0, bg, new Uint32Array(4), 0, 1_000_000);
+    pass.end();
+    const err = await device.popErrorScope();
+    assert(err, "expected GPUValidationError on out-of-range setBindGroup");
+  }
+
+  // RenderBundleEncoder.setBindGroup: same input shape, different code
+  // path (returns the validation as a thrown JS error, since there is
+  // no error_handler.push_error at this site).
+  {
+    const bundleEncoder = device.createRenderBundleEncoder({
+      colorFormats: ["rgba8unorm"],
+    });
+    let threw = false;
+    try {
+      bundleEncoder.setBindGroup(0, bg, new Uint32Array(4), 0, 1_000_000);
+    } catch (_) {
+      threw = true;
+    }
+    assert(
+      threw,
+      "expected setBindGroup on a RenderBundleEncoder to throw on out-of-range args",
+    );
+  }
+
+  // Sanity: valid args still work (no regression on the happy path).
+  {
+    const encoder = device.createCommandEncoder();
+    const pass = encoder.beginComputePass();
+    pass.setBindGroup(0, bg, new Uint32Array(4), 0, 0);
+    pass.end();
+  }
+
+  device.destroy();
+});
+
 async function checkIsWsl() {
   return Deno.build.os === "linux" && await hasMicrosoftProcVersion();
 
