Unreal Engine Issues and Bug Tracker (UE-38321)

Description

In GPUSkinCache, based on the conditional expression:

if (CacheCurrentFloatOffset + NumRWFloats > (uint32)GGPUSkinCacheBufferSize)
	{
		// Can't fit this
		INC_DWORD_STAT(STAT_GPUSkinCache_SkippedForMemory);
		return -1;
	}

the licensee is stating that it is possible for skinning to execute even though there is no space the result.

They suggest replacing the code with:

 if ((CacheCurrentFloatOffset + NumRWFloats) * sizeof(float) > SkinCacheBuffer[UAVIndex].NumBytes)

Steps to Reproduce

Open UE4.sln
Navigate to GPUSkinCache.cpp line 485

Notice the conditional expression:

if (CacheCurrentFloatOffset + NumRWFloats > (uint32)GGPUSkinCacheBufferSize)
	{
		// Can't fit this
		INC_DWORD_STAT(STAT_GPUSkinCache_SkippedForMemory);
		return -1;
	}

The licensee suggests replacing the expression with:

 if ((CacheCurrentFloatOffset + NumRWFloats) * sizeof(float) > SkinCacheBuffer[UAVIndex].NumBytes)

Result: The licensee suggests this code would prevent the buffer overrun.

Have Comments or More Details?

There's no existing public thread on this issue, so head over to Questions & Answers just mention UE-38321 in the post.

1	Login to Vote

Cannot Reproduce

Component	UE - Graphics Features
Affects Versions	4.12, 4.13, 4.14
Target Fix	4.22

Created	Nov 7, 2016
Resolved	Dec 10, 2018
Updated	Jan 31, 2019

UE-38321

Buffer Overrun with GPUSkinCache

Buffer Overrun with GPUSkinCache

Have Comments or More Details?