Vulkan: Avoid buffer overflow by ignoring duplicate extensions For any instance extension that a Vulkan driver supports, if a VkInstance is created with that extension listed multiple times, the 2nd-nth times should be ignored. That avoids overwriting an array in CreateInfoWrapper::FilterExtension(). Test: Manual testing with logcat Bug: 288929054 Change-Id: I096a6752e0f4abef868efdb6f8b4bcbd0c0c79cd

commit: 5b527a04badf4f2aeca1b9bd7a94375a7a8aea5b [log] [tgz]
author: Ian Elliott <ianelliott@google.com> Thu Aug 10 13:32:55 2023 -0600
committer: Ian Elliott <ianelliott@google.com> Thu Aug 10 18:57:43 2023 -0600
tree: bc4fd1169b2238adc7c71b303abe68efedce9bcd
parent: d56c5ca60360312775847f21132aafdf31c52432 [diff] [blame]
diff --git a/vulkan/libvulkan/driver.cpp b/vulkan/libvulkan/driver.cpp
index a99355f..f92078d 100644
--- a/vulkan/libvulkan/driver.cpp
+++ b/vulkan/libvulkan/driver.cpp

@@ -747,6 +747,17 @@
         if (strcmp(name, props.extensionName) != 0)
             continue;
 
+        // Ignore duplicate extensions (see: b/288929054)
+        bool duplicate_entry = false;
+        for (uint32_t j = 0; j < filter.name_count; j++) {
+            if (strcmp(name, filter.names[j]) == 0) {
+                duplicate_entry = true;
+                break;
+            }
+        }
+        if (duplicate_entry == true)
+            continue;
+
         filter.names[filter.name_count++] = name;
         if (ext_bit != ProcHook::EXTENSION_UNKNOWN) {
             if (ext_bit == ProcHook::ANDROID_native_buffer)
commit	5b527a04badf4f2aeca1b9bd7a94375a7a8aea5b	[log] [tgz]
author	Ian Elliott <ianelliott@google.com>	Thu Aug 10 13:32:55 2023 -0600
committer	Ian Elliott <ianelliott@google.com>	Thu Aug 10 18:57:43 2023 -0600
tree	bc4fd1169b2238adc7c71b303abe68efedce9bcd
parent	d56c5ca60360312775847f21132aafdf31c52432 [diff] [blame]