
Commit 6eec238

fix nullptr dereference issues in windows api
Change-Id: I6209892f8c0ea96426c28d7977d20c234d3cd81d
1 parent 9b0820d commit 6eec238


2 files changed

+253
-28
lines changed


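--- a/runtime/os_interface/windows/api.cpp
+++ b/runtime/os_interface/windows/api.cpp
@@ -95,7 +95,13 @@ void *OCLRT::Context::getOsContextInfo(cl_context_info &paramName, size_t *srcPa
 
 cl_int CL_API_CALL clGetDeviceIDsFromDX9INTEL(cl_platform_id platform, cl_dx9_device_source_intel dx9DeviceSource, void *dx9Object,
 cl_dx9_device_set_intel dx9DeviceSet, cl_uint numEntries, cl_device_id *devices, cl_uint *numDevices) {
-cl_device_id device = castToObject<Platform>(platform)->getDevice(0);
+Platform *platformInternal = nullptr;
+auto retVal = validateObjects(WithCastToInternal(platform, &platformInternal));
+if (retVal != CL_SUCCESS) {
+return retVal;
+}
+cl_device_id device = platformInternal->getDevice(0);
+
 GetInfoHelper::set(devices, device);
 GetInfoHelper::set(numDevices, 1u);
 return CL_SUCCESS;
@@ -122,14 +128,25 @@ cl_mem CL_API_CALL clCreateFromDX9MediaSurfaceINTEL(cl_context context, cl_mem_f
 
 cl_int CL_API_CALL clEnqueueAcquireDX9ObjectsINTEL(cl_command_queue commandQueue, cl_uint numObjects, const cl_mem *memObjects,
 cl_uint numEventsInWaitList, const cl_event *eventWaitList, cl_event *event) {
-auto cmdQ = castToObject<CommandQueue>(commandQueue);
+CommandQueue *cmdQ = nullptr;
+
+auto retVal = validateObjects(WithCastToInternal(commandQueue, &cmdQ));
+if (retVal != CL_SUCCESS) {
+return retVal;
+}
+
 return cmdQ->enqueueAcquireSharedObjects(numObjects, memObjects, numEventsInWaitList,
 eventWaitList, event, CL_COMMAND_ACQUIRE_DX9_OBJECTS_INTEL);
 }
 
 cl_int CL_API_CALL clEnqueueReleaseDX9ObjectsINTEL(cl_command_queue commandQueue, cl_uint numObjects, cl_mem *memObjects,
 cl_uint numEventsInWaitList, const cl_event *eventWaitList, cl_event *event) {
-auto cmdQ = castToObject<CommandQueue>(commandQueue);
+CommandQueue *cmdQ = nullptr;
+auto retVal = validateObjects(WithCastToInternal(commandQueue, &cmdQ));
+if (retVal != CL_SUCCESS) {
+return retVal;
+}
+
 for (unsigned int object = 0; object < numObjects; object++) {
 auto memObject = castToObject<MemObj>(memObjects[object]);
 if (!static_cast<D3DSharing<D3DTypesHelper::D3D9> *>(memObject->peekSharingHandler())->isSharedResource()) {
@@ -138,8 +155,8 @@ cl_int CL_API_CALL clEnqueueReleaseDX9ObjectsINTEL(cl_command_queue commandQueue
 }
 }
 
-auto retVal = cmdQ->enqueueReleaseSharedObjects(numObjects, memObjects, numEventsInWaitList,
-eventWaitList, event, CL_COMMAND_RELEASE_DX9_OBJECTS_INTEL);
+retVal = cmdQ->enqueueReleaseSharedObjects(numObjects, memObjects, numEventsInWaitList,
+eventWaitList, event, CL_COMMAND_RELEASE_DX9_OBJECTS_INTEL);
 if (!cmdQ->getContext().getInteropUserSyncEnabled()) {
 cmdQ->finish(true);
 }
@@ -150,7 +167,13 @@ cl_int CL_API_CALL clGetDeviceIDsFromDX9MediaAdapterKHR(cl_platform_id platform,
 cl_dx9_media_adapter_type_khr *mediaAdapterType, void *mediaAdapters,
 cl_dx9_media_adapter_set_khr mediaAdapterSet, cl_uint numEntries,
 cl_device_id *devices, cl_uint *numDevices) {
-cl_device_id device = castToObject<Platform>(platform)->getDevice(0);
+Platform *platformInternal = nullptr;
+auto retVal = validateObjects(WithCastToInternal(platform, &platformInternal));
+if (retVal != CL_SUCCESS) {
+return retVal;
+}
+cl_device_id device = platformInternal->getDevice(0);
+
 GetInfoHelper::set(devices, device);
 GetInfoHelper::set(numDevices, 1u);
 return CL_SUCCESS;
@@ -167,14 +190,24 @@ cl_mem CL_API_CALL clCreateFromDX9MediaSurfaceKHR(cl_context context, cl_mem_fla
 
 cl_int CL_API_CALL clEnqueueAcquireDX9MediaSurfacesKHR(cl_command_queue commandQueue, cl_uint numObjects, const cl_mem *memObjects,
 cl_uint numEventsInWaitList, const cl_event *eventWaitList, cl_event *event) {
-auto cmdQ = castToObject<CommandQueue>(commandQueue);
+CommandQueue *cmdQ = nullptr;
+auto retVal = validateObjects(WithCastToInternal(commandQueue, &cmdQ));
+if (retVal != CL_SUCCESS) {
+return retVal;
+}
 return cmdQ->enqueueAcquireSharedObjects(numObjects, memObjects, numEventsInWaitList,
 eventWaitList, event, CL_COMMAND_ACQUIRE_DX9_MEDIA_SURFACES_KHR);
 }
 
 cl_int CL_API_CALL clEnqueueReleaseDX9MediaSurfacesKHR(cl_command_queue commandQueue, cl_uint numObjects, const cl_mem *memObjects,
 cl_uint numEventsInWaitList, const cl_event *eventWaitList, cl_event *event) {
-auto cmdQ = castToObject<CommandQueue>(commandQueue);
+CommandQueue *cmdQ = nullptr;
+
+auto retVal = validateObjects(WithCastToInternal(commandQueue, &cmdQ));
+if (retVal != CL_SUCCESS) {
+return retVal;
+}
+
 for (unsigned int object = 0; object < numObjects; object++) {
 auto memObject = castToObject<MemObj>(memObjects[object]);
 if (!static_cast<D3DSharing<D3DTypesHelper::D3D9> *>(memObject->peekSharingHandler())->isSharedResource()) {
@@ -183,8 +216,8 @@ cl_int CL_API_CALL clEnqueueReleaseDX9MediaSurfacesKHR(cl_command_queue commandQ
 }
 }
 
-auto retVal = cmdQ->enqueueReleaseSharedObjects(numObjects, memObjects, numEventsInWaitList,
-eventWaitList, event, CL_COMMAND_RELEASE_DX9_MEDIA_SURFACES_KHR);
+retVal = cmdQ->enqueueReleaseSharedObjects(numObjects, memObjects, numEventsInWaitList,
+eventWaitList, event, CL_COMMAND_RELEASE_DX9_MEDIA_SURFACES_KHR);
 if (!cmdQ->getContext().getInteropUserSyncEnabled()) {
 cmdQ->finish(true);
 }
@@ -201,11 +234,17 @@ cl_int CL_API_CALL clGetDeviceIDsFromD3D10KHR(cl_platform_id platform, cl_d3d10_
 cl_uint localNumDevices = 0;
 cl_int retCode = CL_SUCCESS;
 
+Platform *platformInternal = nullptr;
+auto retVal = validateObjects(WithCastToInternal(platform, &platformInternal));
+if (retVal != CL_SUCCESS) {
+return retVal;
+}
+
 if (DebugManager.injectFcn) {
 sharingFcns.getDxgiDescFcn = (D3DSharingFunctions<D3DTypesHelper::D3D10>::GetDxgiDescFcn)DebugManager.injectFcn;
 }
 
-cl_device_id device = castToObject<Platform>(platform)->getDevice(0);
+cl_device_id device = platformInternal->getDevice(0);
 
 switch (d3dDeviceSource) {
 case CL_D3D10_DEVICE_KHR:
@@ -244,7 +283,13 @@ cl_int CL_API_CALL clGetDeviceIDsFromD3D10KHR(cl_platform_id platform, cl_d3d10_
 
 cl_mem CL_API_CALL clCreateFromD3D10BufferKHR(cl_context context, cl_mem_flags flags, ID3D10Buffer *resource, cl_int *errcodeRet) {
 ErrorCodeHelper err(errcodeRet, CL_SUCCESS);
-auto ctx = castToObject<Context>(context);
+Context *ctx = nullptr;
+
+err.set(validateObjects(WithCastToInternal(context, &ctx)));
+
+if (err.localErrcode != CL_SUCCESS) {
+return nullptr;
+}
 
 if (ctx->getSharing<D3DSharingFunctions<D3DTypesHelper::D3D10>>()->isTracked(resource, 0)) {
 err.set(CL_INVALID_D3D10_RESOURCE_KHR);
@@ -256,7 +301,13 @@ cl_mem CL_API_CALL clCreateFromD3D10BufferKHR(cl_context context, cl_mem_flags f
 cl_mem CL_API_CALL clCreateFromD3D10Texture2DKHR(cl_context context, cl_mem_flags flags, ID3D10Texture2D *resource,
 UINT subresource, cl_int *errcodeRet) {
 ErrorCodeHelper err(errcodeRet, CL_SUCCESS);
-auto ctx = castToObject<Context>(context);
+Context *ctx = nullptr;
+
+err.set(validateObjects(WithCastToInternal(context, &ctx)));
+
+if (err.localErrcode != CL_SUCCESS) {
+return nullptr;
+}
 
 if (ctx->getSharing<D3DSharingFunctions<D3DTypesHelper::D3D10>>()->isTracked(resource, subresource)) {
 err.set(CL_INVALID_D3D10_RESOURCE_KHR);
@@ -268,7 +319,13 @@ cl_mem CL_API_CALL clCreateFromD3D10Texture2DKHR(cl_context context, cl_mem_flag
 cl_mem CL_API_CALL clCreateFromD3D10Texture3DKHR(cl_context context, cl_mem_flags flags, ID3D10Texture3D *resource,
 UINT subresource, cl_int *errcodeRet) {
 ErrorCodeHelper err(errcodeRet, CL_SUCCESS);
-auto ctx = castToObject<Context>(context);
+Context *ctx = nullptr;
+
+err.set(validateObjects(WithCastToInternal(context, &ctx)));
+
+if (err.localErrcode != CL_SUCCESS) {
+return nullptr;
+}
 
 if (ctx->getSharing<D3DSharingFunctions<D3DTypesHelper::D3D10>>()->isTracked(resource, subresource)) {
 err.set(CL_INVALID_D3D10_RESOURCE_KHR);
@@ -279,9 +336,19 @@ cl_mem CL_API_CALL clCreateFromD3D10Texture3DKHR(cl_context context, cl_mem_flag
 
 cl_int CL_API_CALL clEnqueueAcquireD3D10ObjectsKHR(cl_command_queue commandQueue, cl_uint numObjects, const cl_mem *memObjects,
 cl_uint numEventsInWaitList, const cl_event *eventWaitList, cl_event *event) {
-auto cmdQ = castToObject<CommandQueue>(commandQueue);
+CommandQueue *cmdQ = nullptr;
+
+auto retVal = validateObjects(WithCastToInternal(commandQueue, &cmdQ));
+if (retVal != CL_SUCCESS) {
+return retVal;
+}
+
 for (unsigned int object = 0; object < numObjects; object++) {
-if (castToObject<MemObj>(memObjects[object])->acquireCount >= 1) {
+auto memObj = castToObject<MemObj>(memObjects[object]);
+if (memObj == nullptr) {
+return CL_INVALID_MEM_OBJECT;
+}
+if (memObj->acquireCount >= 1) {
 return CL_D3D10_RESOURCE_ALREADY_ACQUIRED_KHR;
 }
 }
@@ -291,9 +358,18 @@ cl_int CL_API_CALL clEnqueueAcquireD3D10ObjectsKHR(cl_command_queue commandQueue
 
 cl_int CL_API_CALL clEnqueueReleaseD3D10ObjectsKHR(cl_command_queue commandQueue, cl_uint numObjects, const cl_mem *memObjects,
 cl_uint numEventsInWaitList, const cl_event *eventWaitList, cl_event *event) {
-auto cmdQ = castToObject<CommandQueue>(commandQueue);
+CommandQueue *cmdQ = nullptr;
+
+auto retVal = validateObjects(WithCastToInternal(commandQueue, &cmdQ));
+if (retVal != CL_SUCCESS) {
+return retVal;
+}
+
 for (unsigned int object = 0; object < numObjects; object++) {
 auto memObject = castToObject<MemObj>(memObjects[object]);
+if (memObject == nullptr) {
+return CL_INVALID_MEM_OBJECT;
+}
 if (memObject->acquireCount == 0) {
 return CL_D3D10_RESOURCE_NOT_ACQUIRED_KHR;
 }
@@ -303,8 +379,8 @@ cl_int CL_API_CALL clEnqueueReleaseD3D10ObjectsKHR(cl_command_queue commandQueue
 }
 }
 
-auto retVal = cmdQ->enqueueReleaseSharedObjects(numObjects, memObjects, numEventsInWaitList,
-eventWaitList, event, CL_COMMAND_RELEASE_D3D10_OBJECTS_KHR);
+retVal = cmdQ->enqueueReleaseSharedObjects(numObjects, memObjects, numEventsInWaitList,
+eventWaitList, event, CL_COMMAND_RELEASE_D3D10_OBJECTS_KHR);
 if (!cmdQ->getContext().getInteropUserSyncEnabled()) {
 cmdQ->finish(true);
 }
@@ -321,11 +397,17 @@ cl_int CL_API_CALL clGetDeviceIDsFromD3D11KHR(cl_platform_id platform, cl_d3d11_
 cl_uint localNumDevices = 0;
 cl_int retCode = CL_SUCCESS;
 
+Platform *platformInternal = nullptr;
+auto retVal = validateObjects(WithCastToInternal(platform, &platformInternal));
+if (retVal != CL_SUCCESS) {
+return retVal;
+}
+
 if (DebugManager.injectFcn) {
 sharingFcns.getDxgiDescFcn = (D3DSharingFunctions<D3DTypesHelper::D3D11>::GetDxgiDescFcn)DebugManager.injectFcn;
 }
 
-cl_device_id device = castToObject<Platform>(platform)->getDevice(0);
+cl_device_id device = platformInternal->getDevice(0);
 
 switch (d3dDeviceSource) {
 case CL_D3D11_DEVICE_KHR:
@@ -364,7 +446,12 @@ cl_int CL_API_CALL clGetDeviceIDsFromD3D11KHR(cl_platform_id platform, cl_d3d11_
 
 cl_mem CL_API_CALL clCreateFromD3D11BufferKHR(cl_context context, cl_mem_flags flags, ID3D11Buffer *resource, cl_int *errcodeRet) {
 ErrorCodeHelper err(errcodeRet, CL_SUCCESS);
-auto ctx = castToObject<Context>(context);
+Context *ctx = nullptr;
+
+err.set(validateObjects(WithCastToInternal(context, &ctx)));
+if (err.localErrcode != CL_SUCCESS) {
+return nullptr;
+}
 
 if (ctx->getSharing<D3DSharingFunctions<D3DTypesHelper::D3D11>>()->isTracked(resource, 0)) {
 err.set(CL_INVALID_D3D11_RESOURCE_KHR);
@@ -376,7 +463,12 @@ cl_mem CL_API_CALL clCreateFromD3D11BufferKHR(cl_context context, cl_mem_flags f
 cl_mem CL_API_CALL clCreateFromD3D11Texture2DKHR(cl_context context, cl_mem_flags flags, ID3D11Texture2D *resource,
 UINT subresource, cl_int *errcodeRet) {
 ErrorCodeHelper err(errcodeRet, CL_SUCCESS);
-auto ctx = castToObject<Context>(context);
+Context *ctx = nullptr;
+
+err.set(validateObjects(WithCastToInternal(context, &ctx)));
+if (err.localErrcode != CL_SUCCESS) {
+return nullptr;
+}
 
 if (ctx->getSharing<D3DSharingFunctions<D3DTypesHelper::D3D11>>()->isTracked(resource, subresource)) {
 err.set(CL_INVALID_D3D11_RESOURCE_KHR);
@@ -388,7 +480,13 @@ cl_mem CL_API_CALL clCreateFromD3D11Texture2DKHR(cl_context context, cl_mem_flag
 cl_mem CL_API_CALL clCreateFromD3D11Texture3DKHR(cl_context context, cl_mem_flags flags, ID3D11Texture3D *resource,
 UINT subresource, cl_int *errcodeRet) {
 ErrorCodeHelper err(errcodeRet, CL_SUCCESS);
-auto ctx = castToObject<Context>(context);
+Context *ctx = nullptr;
+
+err.set(validateObjects(WithCastToInternal(context, &ctx)));
+
+if (err.localErrcode != CL_SUCCESS) {
+return nullptr;
+}
 
 if (ctx->getSharing<D3DSharingFunctions<D3DTypesHelper::D3D11>>()->isTracked(resource, subresource)) {
 err.set(CL_INVALID_D3D11_RESOURCE_KHR);
@@ -399,9 +497,19 @@ cl_mem CL_API_CALL clCreateFromD3D11Texture3DKHR(cl_context context, cl_mem_flag
 
 cl_int CL_API_CALL clEnqueueAcquireD3D11ObjectsKHR(cl_command_queue commandQueue, cl_uint numObjects, const cl_mem *memObjects,
 cl_uint numEventsInWaitList, const cl_event *eventWaitList, cl_event *event) {
-auto cmdQ = castToObject<CommandQueue>(commandQueue);
+CommandQueue *cmdQ = nullptr;
+
+auto retVal = validateObjects(WithCastToInternal(commandQueue, &cmdQ));
+if (retVal != CL_SUCCESS) {
+return retVal;
+}
+
 for (unsigned int object = 0; object < numObjects; object++) {
-if (castToObject<MemObj>(memObjects[object])->acquireCount >= 1) {
+auto memObj = castToObject<MemObj>(memObjects[object]);
+if (memObj == nullptr) {
+return CL_INVALID_MEM_OBJECT;
+}
+if (memObj->acquireCount >= 1) {
 return CL_D3D11_RESOURCE_ALREADY_ACQUIRED_KHR;
 }
 }
@@ -411,9 +519,18 @@ cl_int CL_API_CALL clEnqueueAcquireD3D11ObjectsKHR(cl_command_queue commandQueue
 
 cl_int CL_API_CALL clEnqueueReleaseD3D11ObjectsKHR(cl_command_queue commandQueue, cl_uint numObjects, const cl_mem *memObjects,
 cl_uint numEventsInWaitList, const cl_event *eventWaitList, cl_event *event) {
-auto cmdQ = castToObject<CommandQueue>(commandQueue);
+CommandQueue *cmdQ = nullptr;
+
+auto retVal = validateObjects(WithCastToInternal(commandQueue, &cmdQ));
+if (retVal != CL_SUCCESS) {
+return retVal;
+}
+
 for (unsigned int object = 0; object < numObjects; object++) {
 auto memObject = castToObject<MemObj>(memObjects[object]);
+if (memObject == nullptr) {
+return CL_INVALID_MEM_OBJECT;
+}
 if (memObject->acquireCount == 0) {
 return CL_D3D11_RESOURCE_NOT_ACQUIRED_KHR;
 }
@@ -423,8 +540,8 @@ cl_int CL_API_CALL clEnqueueReleaseD3D11ObjectsKHR(cl_command_queue commandQueue
 }
 }
 
-auto retVal = cmdQ->enqueueReleaseSharedObjects(numObjects, memObjects, numEventsInWaitList,
-eventWaitList, event, CL_COMMAND_RELEASE_D3D11_OBJECTS_KHR);
+retVal = cmdQ->enqueueReleaseSharedObjects(numObjects, memObjects, numEventsInWaitList,
+eventWaitList, event, CL_COMMAND_RELEASE_D3D11_OBJECTS_KHR);
 if (!cmdQ->getContext().getInteropUserSyncEnabled()) {
 cmdQ->finish(true);
 }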
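Review bot: The two DX9 release loops still dereference the result of `castToObject<MemObj>(memObjects[object])` without a null check: `memObject->peekSharingHandler()` at new line 152 in clEnqueueReleaseDX9ObjectsINTEL and at new line 213 in clEnqueueReleaseDX9MediaSurfacesKHR. The D3D10 and D3D11 acquire/release loops in this same commit gain exactly that guard, so an invalid cl_mem handle passed by the caller is rejected there but still crashes on the DX9 paths; add `if (memObject == nullptr) { return CL_INVALID_MEM_OBJECT; }` before the `static_cast` in both loops. The `static_cast<D3DSharing<D3DTypesHelper::D3D9> *>` applied to `peekSharingHandler()` is also unchecked, so a mem object without a sharing handler (or, presumably, one created through a different sharing type) would reach `isSharedResource()` through a null or mistyped pointer; confirm against MemObj and reject such objects with an error code. The `ctx->getSharing<...>()->isTracked(...)` calls in the clCreateFromD3D10*/D3D11* functions look like the same pattern if getSharing can return nullptr for a context created without D3D sharing. All of these function bodies continue outside the hunks shown.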
