author | 2023-08-10 13:32:55 -0600 | |
---|---|---|
committer | 2023-08-10 18:57:43 -0600 | |
commit | 5b527a04badf4f2aeca1b9bd7a94375a7a8aea5b (patch) | |
tree | bc4fd1169b2238adc7c71b303abe68efedce9bcd /vulkan/libvulkan/driver.cpp | |
parent | d56c5ca60360312775847f21132aafdf31c52432 (diff) |
Vulkan: Avoid buffer overflow by ignoring duplicate extensions
For any instance extension that a Vulkan driver supports, if a
VkInstance is created with that extension listed multiple times, the
2nd-nth times should be ignored. That avoids overwriting an array in
CreateInfoWrapper::FilterExtension().
Test: Manual testing with logcat
Bug: 288929054
Change-Id: I096a6752e0f4abef868efdb6f8b4bcbd0c0c79cd
Diffstat (limited to 'vulkan/libvulkan/driver.cpp')
-rw-r--r-- | vulkan/libvulkan/driver.cpp | 11 |
1 files changed, 11 insertions, 0 deletions
diff --git a/vulkan/libvulkan/driver.cpp b/vulkan/libvulkan/driver.cpp
index a99355f047..f92078d8dc 100644
--- a/vulkan/libvulkan/driver.cpp
+++ b/vulkan/libvulkan/driver.cpp
@@ -747,6 +747,17 @@ void CreateInfoWrapper::FilterExtension(const char* name) {
 if (strcmp(name, props.extensionName) != 0)
 continue;
 
+ // Ignore duplicate extensions (see: b/288929054)
+ bool duplicate_entry = false;
+ for (uint32_t j = 0; j < filter.name_count; j++) {
+ if (strcmp(name, filter.names[j]) == 0) {
+ duplicate_entry = true;
+ break;
+ }
+ }
+ if (duplicate_entry == true)
+ continue;
+
 filter.names[filter.name_count++] = name;
 if (ext_bit != ProcHook::EXTENSION_UNKNOWN) {
 if (ext_bit == ProcHook::ANDROID_native_buffer) |
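Review bot: The write `filter.names[filter.name_count++] = name;` that follows the new loop is still not bounds-checked, so the overflow is prevented only indirectly, by the assumption that the number of distinct supported names can never exceed the size of `filter.names`. That size is not visible in this hunk; if the allocated count is tracked anywhere, an explicit guard just before the write, such as `if (filter.name_count >= <allocated size of filter.names>) continue;` (placeholder for whatever holds the capacity) plus a log line, would keep the write safe even if the sizing assumption changes later. As a smaller style point, `if (duplicate_entry == true)` reads better as `if (duplicate_entry)`. The commit records manual testing only; a regression test that creates a VkInstance with the same supported extension listed more than once would pin the fix. FilterExtension starts and ends outside the hunk.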