Vulkan: Avoid buffer overflow by ignoring duplicate extensions For any instance extension that a Vulkan driver supports, if a VkInstance is created with that extension listed multiple times, the 2nd-nth times should be ignored. That avoids overwriting an array in CreateInfoWrapper::FilterExtension(). Test: Manual testing with logcat Bug: 288929054 Change-Id: I096a6752e0f4abef868efdb6f8b4bcbd0c0c79cd Merged-In: I096a6752e0f4abef868efdb6f8b4bcbd0c0c79cd

commit: 3b48e15760dbc6999833f1be83b0cf75e2bcf8e3 [log] [tgz]
author: Ian Elliott <ianelliott@google.com> Thu Aug 10 13:32:55 2023 -0600
committer: Ian Elliott <ianelliott@google.com> Fri Aug 11 22:54:29 2023 +0000
tree: a57c09feae71cd360e1e4c876aa4d3b11f1dcbe1
parent: 574ac3e232b96a5639f29b1161d8643ae2c5c0d1 [diff] [blame]
diff --git a/vulkan/libvulkan/driver.cpp b/vulkan/libvulkan/driver.cpp
index 273cdd5..aea897c 100644
--- a/vulkan/libvulkan/driver.cpp
+++ b/vulkan/libvulkan/driver.cpp

@@ -763,6 +763,17 @@
             continue;
         }
 
+        // Ignore duplicate extensions (see: b/288929054)
+        bool duplicate_entry = false;
+        for (uint32_t j = 0; j < filter.name_count; j++) {
+            if (strcmp(name, filter.names[j]) == 0) {
+                duplicate_entry = true;
+                break;
+            }
+        }
+        if (duplicate_entry == true)
+            continue;
+
         filter.names[filter.name_count++] = name;
         if (ext_bit != ProcHook::EXTENSION_UNKNOWN) {
             if (ext_bit == ProcHook::ANDROID_native_buffer)
commit	3b48e15760dbc6999833f1be83b0cf75e2bcf8e3	[log] [tgz]
author	Ian Elliott <ianelliott@google.com>	Thu Aug 10 13:32:55 2023 -0600
committer	Ian Elliott <ianelliott@google.com>	Fri Aug 11 22:54:29 2023 +0000
tree	a57c09feae71cd360e1e4c876aa4d3b11f1dcbe1
parent	574ac3e232b96a5639f29b1161d8643ae2c5c0d1 [diff] [blame]