[cts] add integer overflow/bounds check tests for rect APIs

oneapi-src · Aug 10, 2023 · f0dabf3 · f0dabf3
1 parent 09cb31a
commit f0dabf3
Show file tree

Hide file tree

Showing 3 changed files with 47 additions and 0 deletions.
diff --git a/test/conformance/enqueue/urEnqueueMemBufferCopyRect.cpp b/test/conformance/enqueue/urEnqueueMemBufferCopyRect.cpp
@@ -261,3 +261,16 @@ TEST_F(urEnqueueMemBufferCopyRectMultiDeviceTest, CopyRectReadDifferentQueues) {
 
  EXPECT_SUCCESS(urMemRelease(dst_buffer));
 }
+
+TEST_P(urEnqueueMemBufferCopyRectTest, InvalidSize) {
+ // out-of-bounds access with potential overflow
+ ur_rect_region_t src_region{size, 1, 1};
+ ur_rect_offset_t src_origin{std::numeric_limits<uint64_t>::max(), 1, 1};
+ ur_rect_offset_t dst_origin{0, 0, 0};
+
+ ASSERT_EQ_RESULT(urEnqueueMemBufferCopyRect(queue, src_buffer, dst_buffer,
+ src_origin, dst_origin,
+ src_region, size, size, size,
+ size, 0, nullptr, nullptr),
+ UR_RESULT_ERROR_INVALID_SIZE);
+}
diff --git a/test/conformance/enqueue/urEnqueueMemBufferReadRect.cpp b/test/conformance/enqueue/urEnqueueMemBufferReadRect.cpp
@@ -203,3 +203,19 @@ TEST_F(urEnqueueMemBufferReadRectMultiDeviceTest, WriteReadDifferentQueues) {
  << "Result on queue " << i << " did not match!";
  }
 }
+
+TEST_P(urEnqueueMemBufferReadRectTest, InvalidSize) {
+ std::vector<uint32_t> dst(count);
+ // out-of-bounds access with potential overflow
+ ur_rect_region_t region{size, 1, 1};
+ ur_rect_offset_t buffer_offset{std::numeric_limits<uint64_t>::max(), 1, 1};
+ // Creating an overflow in host_offsets leads to a crash because
+ // the function doesn't do bounds checking of host buffers.
+ ur_rect_offset_t host_offset{0, 0, 0};
+
+ ASSERT_EQ_RESULT(
+ urEnqueueMemBufferReadRect(queue, buffer, true, buffer_offset,
+ host_offset, region, size, size, size, size,
+ dst.data(), 0, nullptr, nullptr),
+ UR_RESULT_ERROR_INVALID_SIZE);
+}
diff --git a/test/conformance/enqueue/urEnqueueMemBufferWriteRect.cpp b/test/conformance/enqueue/urEnqueueMemBufferWriteRect.cpp
@@ -184,3 +184,21 @@ TEST_P(urEnqueueMemBufferWriteRectTest, InvalidNullPtrEventWaitList) {
  src.data(), 0, &validEvent, nullptr),
  UR_RESULT_ERROR_INVALID_EVENT_WAIT_LIST);
 }
+
+TEST_P(urEnqueueMemBufferWriteRectTest, InvalidSize) {
+ std::vector<uint32_t> src(count);
+ std::fill(src.begin(), src.end(), 1);
+
+ // out-of-bounds access with potential overflow
+ ur_rect_region_t region{size, 1, 1};
+ ur_rect_offset_t buffer_offset{std::numeric_limits<uint64_t>::max(), 1, 1};
+ // Creating an overflow in host_offsets leads to a crash because
+ // the function doesn't do bounds checking of host buffers.
+ ur_rect_offset_t host_offset{0, 0, 0};
+
+ ASSERT_EQ_RESULT(
+ urEnqueueMemBufferWriteRect(queue, buffer, true, buffer_offset,
+ host_offset, region, size, size, size, size,
+ src.data(), 0, nullptr, nullptr),
+ UR_RESULT_ERROR_INVALID_SIZE);
+}