Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Incorrect array size for imgl3wProcs.ptr generated in imgui_impl_opengl3_loader.h #4830

Closed
dymk opened this issue Dec 26, 2021 · 1 comment
Closed

Incorrect array size for imgl3wProcs.ptr generated in imgui_impl_opengl3_loader.h #4830

dymk opened this issue Dec 26, 2021 · 1 comment
Labels
backends bug opengl

Comments

@dymk
Copy link

dymk commented Dec 26, 2021

Dear ImGui Config/Build information:

Dear ImGui 1.86 (18600)
--------------------------------
sizeof(size_t): 8, sizeof(ImDrawIdx): 2, sizeof(ImDrawVert): 20
define: __cplusplus=201703
define: __APPLE__
define: __GNUC__=4
define: __clang_version__=13.0.0 (clang-1300.0.29.30)
define: IMGUI_HAS_VIEWPORT
define: IMGUI_HAS_DOCK
--------------------------------
io.BackendPlatformName: imgui_impl_glfw
io.BackendRendererName: imgui_impl_opengl3
io.ConfigFlags: 0x00000040
 DockingEnable
io.ConfigViewportsNoDecoration
io.ConfigMacOSXBehaviors
io.ConfigInputTextCursorBlink
io.ConfigWindowsResizeFromEdges
io.ConfigMemoryCompactTimer = 60.0
io.BackendFlags: 0x0000140E
 HasMouseCursors
 HasSetMousePos
 PlatformHasViewports
 RendererHasVtxOffset
 RendererHasViewports
--------------------------------
io.Fonts: 1 fonts, Flags: 0x00000000, TexSize: 512,64
io.DisplaySize: 1920.00,1027.00
io.DisplayFramebufferScale: 2.00,2.00
--------------------------------
style.WindowPadding: 8.00,8.00
style.WindowBorderSize: 1.00
style.FramePadding: 4.00,3.00
style.FrameRounding: 0.00
style.FrameBorderSize: 0.00
style.ItemSpacing: 8.00,4.00
style.ItemInnerSpacing: 4.00,4.00

The ptr member of GL3WProcs appears to be off-by-one member smaller than it should be to hold all the loaded function pointers from proc_names.

static void load_procs(GL3WGetProcAddressProc proc)
{
    size_t i;
    for (i = 0; i < ARRAY_SIZE(proc_names); i++) // ARRAY_SIZE(proc_names) == 54
        imgl3wProcs.ptr[i] = proc(proc_names[i]); // ARRAY_SIZE(imgl3wProcs.ptr) == 53, results in buffer overrun
}

proc_names is 54 elements in length, and ptr is 53 elements in length, resulting in a buffer overrun + error reported in ubsan:

vendor/imgui/backends/imgui_impl_opengl3_loader.h:751:9: runtime error: index 53 out of bounds for type 'GL3WglProc [53]'
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior ./vendor/imgui/backends/imgui_impl_opengl3_loader.h:751:9 in

I figure this is a bug in https://github.com/dearimgui/gl3w_stripped/blob/gl3w_stripped/gl3w_gen.py somewhere, but I was unable to reproduce the issue (I'm not sure what ./extra_symbols.txt were used for the file checked into Dear ImGui). When I do generate my own gl3w header, it ends up with 659 members in it, and the ptr member is 659 elements in size, which seems right.
ocornut added a commit that referenced this issue Dec 26, 2021
@ocornut
Version 1.87 WIP + Backends: OpenGL3: Fixed a buffer overflow in imgu…
89a2820 
…i_impl_opengl3_loader.h init, added in 1.86 (#4468, #4830)
@ocornut
Copy link
Owner

ocornut commented Dec 26, 2021

My bad for 389982e we probably mismerged something manually.
Fixed with 89a2820 now, will add an assert in that function to avoid that happening in the future.
Thank you!

@ocornut ocornut closed this as completed Dec 26, 2021
@ocornut ocornut added the bug label Dec 26, 2021
@PAI5REECHO PAI5REECHO mentioned this issue Jan 6, 2022
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
backends bug opengl
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@dymk @ocornut