vulkan: Don't use pointer to dropped PhysicalDeviceDriverProperties.

Detected by ASAN, but seems impossible to exploit. Since `ash::vk::definitions::PhysicalDeviceDriverProperties` is `Copy`, the statement if let Some(driver) = phd_capabilities.driver { ... } actually makes `driver` a local copy of the struct. The code uses `as_ptr` to create a pointer to the `driver_name` field of this local copy, and then tries to use that pointer outside the `if let`, when the local copy has gone out of scope. This is UB. Taking a reference to the properties struct is correct and more efficient.
gfx-rs · Oct 6, 2022 · c413ec9 · c413ec9
1 parent 58f92cc
commit c413ec9
Show file tree

Hide file tree

Showing 2 changed files with 6 additions and 2 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -46,6 +46,10 @@ Bottom level categories:
 
 - Bother to free the `hal::Api::CommandBuffer` when a `wgpu_core::command::CommandEncoder` is dropped. By @jimblandy in [#3069](https://github.com/gfx-rs/wgpu/pull/3069).
 
+#### Vulkan
+
+- Don't use a pointer to a local copy of a `PhysicalDeviceDriverProperties` struct after it has gone out of scope. In fact, don't make a local copy at all. By @jimblandy in [#3076](https://github.com/gfx-rs/wgpu/pull/3076).
+
 ## wgpu-0.14.0 (2022-10-05)
 
 ### Major Changes

diff --git a/wgpu-hal/src/vulkan/adapter.rs b/wgpu-hal/src/vulkan/adapter.rs
@@ -907,7 +907,7 @@ impl super::Instance {
                 _ => wgt::DeviceType::Other,
             },
             driver: unsafe {
-                let driver_name = if let Some(driver) = phd_capabilities.driver {
+                let driver_name = if let Some(ref driver) = phd_capabilities.driver {
                     CStr::from_ptr(driver.driver_name.as_ptr()).to_str().ok()
                 } else {
                     None
@@ -916,7 +916,7 @@ impl super::Instance {
                 driver_name.unwrap_or("?").to_owned()
             },
             driver_info: unsafe {
-                let driver_info = if let Some(driver) = phd_capabilities.driver {
+                let driver_info = if let Some(ref driver) = phd_capabilities.driver {
                     CStr::from_ptr(driver.driver_info.as_ptr()).to_str().ok()
                 } else {
                     None