aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorv1993 <v19930312@gmail.com>2022-01-17 12:45:34 +0300
committerv1993 <v19930312@gmail.com>2022-01-17 21:50:51 +0300
commita943600019969ce0382821e7ee19ef4b990564cb (patch)
treef22d5f6a2b385e1e45b824ccdab8e137207d6198
parentca2d90477067b43475cd4176bed04c88a3e9bb64 (diff)
shader_recompiler: fix potential OOB access
Found by static analysis with PVS-Studio. Original check wasn't actually checking for OOB and would segfault in case of it.
Diffstat
-rw-r--r--src/shader_recompiler/backend/glsl/glsl_emit_context.cpp7
-rw-r--r--src/shader_recompiler/backend/spirv/spirv_emit_context.cpp7
2 files changed, 8 insertions, 6 deletions
diff --git a/src/shader_recompiler/backend/glsl/glsl_emit_context.cpp b/src/shader_recompiler/backend/glsl/glsl_emit_context.cpp
index bb7f1a0fd3..e816a93ecb 100644
--- a/src/shader_recompiler/backend/glsl/glsl_emit_context.cpp
+++ b/src/shader_recompiler/backend/glsl/glsl_emit_context.cpp
@@ -458,9 +458,10 @@ void EmitContext::DefineGenericOutput(size_t index, u32 invocations) {
std::string definition{fmt::format("layout(location={}", index)};
const u32 remainder{4 - element};
const TransformFeedbackVarying* xfb_varying{};
- if (!runtime_info.xfb_varyings.empty()) {
- xfb_varying = &runtime_info.xfb_varyings[base_index + element];
- xfb_varying = xfb_varying && xfb_varying->components > 0 ? xfb_varying : nullptr;
+ const size_t xfb_varying_index{base_index + element};
+ if (xfb_varying_index < runtime_info.xfb_varyings.size()) {
+ xfb_varying = &runtime_info.xfb_varyings[xfb_varying_index];
+ xfb_varying = xfb_varying->components > 0 ? xfb_varying : nullptr;
}
const u32 num_components{xfb_varying ? xfb_varying->components : remainder};
if (element > 0) {
diff --git a/src/shader_recompiler/backend/spirv/spirv_emit_context.cpp b/src/shader_recompiler/backend/spirv/spirv_emit_context.cpp
index d3ba66569b..cd90c084aa 100644
--- a/src/shader_recompiler/backend/spirv/spirv_emit_context.cpp
+++ b/src/shader_recompiler/backend/spirv/spirv_emit_context.cpp
@@ -164,9 +164,10 @@ void DefineGenericOutput(EmitContext& ctx, size_t index, std::optional<u32> invo
while (element < 4) {
const u32 remainder{4 - element};
const TransformFeedbackVarying* xfb_varying{};
- if (!ctx.runtime_info.xfb_varyings.empty()) {
- xfb_varying = &ctx.runtime_info.xfb_varyings[base_attr_index + element];
- xfb_varying = xfb_varying && xfb_varying->components > 0 ? xfb_varying : nullptr;
+ const size_t xfb_varying_index{base_attr_index + element};
+ if (xfb_varying_index < ctx.runtime_info.xfb_varyings.size()) {
+ xfb_varying = &ctx.runtime_info.xfb_varyings[xfb_varying_index];
+ xfb_varying = xfb_varying->components > 0 ? xfb_varying : nullptr;
}
const u32 num_components{xfb_varying ? xfb_varying->components : remainder};
generated by cgit v1.2.3-70-g09d2 (git 2.48.1) at 2025-03-25 22:36:25 +0000