Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Memmap: Replace GetPointer with GetSpanForAddress #12705

Merged
merged 3 commits into from Apr 20, 2024
Merged

Memmap: Replace GetPointer with GetSpanForAddress #12705

merged 3 commits into from Apr 20, 2024

Conversation

JosJuice
Copy link
Member

To ensure memory safety, callers of GetPointer have to perform a bounds check. But how is this bounds check supposed to be performed? GetPointerForRange contained one implementation of a bounds check, but it was cumbersome, and it also isn't obvious why it's correct.

To make doing the right thing easier, the first commit of this PR changes GetPointer to return a span that tells the caller how many bytes it's allowed to access. Then, the second commit adds bounds checks to two of the three callers of GetPointer. The third caller, VertexLoader, will have to wait due to its tight optimization.

@JosJuice
Copy link
Member Author

It seems that this PR breaks the decoding of C8 textures in the software backend, but I can't find anything wrong when re-reading the code... Maybe someone with more experience of the graphics backends can find something when reviewing the code?

@Tilka
Copy link
Member

Tilka commented Apr 20, 2024

I fixed three instances of an issue but there might be more. Note that FifoCI is currently down.

@JosJuice
Memmap: Replace GetPointer with GetSpanForAddress
5c9bb80 
To ensure memory safety, callers of GetPointer have to perform a bounds
check. But how is this bounds check supposed to be performed?
GetPointerForRange contained one implementation of a bounds check, but
it was cumbersome, and it also isn't obvious why it's correct.

To make doing the right thing easier, this commit changes GetPointer to
return a span that tells the caller how many bytes it's allowed to
access.
@JosJuice
VideoCommon: Use GetSpanForAddress safely in texture decoding
3cfa233 
Now only VertexLoader remains... But that one might be tricky.
@JosJuice
VideoCommon/BPStructs: Add a missing bounds check
c204b33 
Happened to find this when working on the previous commit.
@JosJuice
Copy link
Member Author

Ah, I need to multiply the index by sizeof(u16) when replacing indexing a u16* with calling SafeSpanRead<u16>! Yes, that makes sense. I checked all the calls to SafeSpanRead, and the three calls you caught seem to be the only ones that needed changing.

@Tilka Tilka merged commit f1e40f7 into dolphin-emu:master Apr 20, 2024
11 checks passed
@JosJuice JosJuice deleted the get-span-for-address branch April 20, 2024 20:19
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Tilka Tilka Tilka left review comments

Assignees
No one assigned
Labels
None yet
Milestone
No milestone
2 participants
@JosJuice @Tilka