Uploaded image for project: 'Qt'
  1. Qt
  2. QTBUG-132356

Out-of-bounds read in QRhiVulkan::endAndSubmitPrimaryCommandBuffer

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Fixed
    • Icon: P1: Critical P1: Critical
    • 6.9.0 Beta3, 6.10.0 FF
    • 6.9.0 Beta1
    • Qt RHI
    • None
    • All
    • ff68e05bc (dev), 7fbc34056 (6.9)

      Qt 6.9 added via QRhi::setQueueSubmitParams the possibility to pass additional user-provided semaphores to the vkQueueSubmit and vkQueuePresent functions called by the RHI.

      As per the Vulkan specs, VkSubmitInfo::pWaitDstStageMask is a pointer to an array of VkSubmitInfo::waitSemaphoreCount elements.

      Unfortunately, this array was not modified for the case where more than one waitSemaphore is passed (happens when additional semaphores are passed via QRhi::setQueueSubmitParams), resulting in an out-of-bounds read by the driver.

        For Gerrit Dashboard: QTBUG-132356
        # Subject Branch Project Status CR V
        619432,3 rhi: vulkan: fix the pWaitDstStageMask parameter of vkQueueSubmit dev qt/qtbase Status: MERGED +2 0
        620007,2 rhi: vulkan: fix the pWaitDstStageMask parameter of vkQueueSubmit 6.9 qt/qtbase Status: MERGED +2 0

            lagocs Laszlo Agocs
            maximeduriez Maxime Duriez
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

              Created:
              Updated:
              Resolved:

                There are no open Gerrit changes