Reject SPIR-V modules with garbage ID bound.

SPIR-V spec has a limit of ~4 million, and Vulkan spec does not increase this bound, so be a bit defensive and fail early.
author: Hans-Kristian Arntzen <post@arntzen-software.no> 2020-02-14 14:57:01 +0300
committer: Hans-Kristian Arntzen <post@arntzen-software.no> 2020-02-14 14:57:01 +0300
commit: 92a4294c57d7d971f2e0a962e3c21a50b3cc8311 (patch)
tree: c71401cee3f9ac22ad53be6326de6067a5c5433e /spirv_cross_containers.hpp
parent: c53b34765d3680afdbb8e168c7e8490f8a58b1fa (diff)
1 files changed, 11 insertions, 0 deletions
diff --git a/spirv_cross_containers.hpp b/spirv_cross_containers.hpp
index 5b69c120..327d6b6c 100644
--- a/spirv_cross_containers.hpp
+++ b/spirv_cross_containers.hpp
@@ -21,8 +21,10 @@
 #include <algorithm>
 #include <functional>
 #include <iterator>
+#include <limits>
 #include <memory>
 #include <stack>
+#include <stddef.h>
 #include <stdint.h>
 #include <stdlib.h>
 #include <string.h>
@@ -316,6 +318,13 @@ public:
 
 	void reserve(size_t count) SPIRV_CROSS_NOEXCEPT
 	{
+		if ((count > std::numeric_limits<size_t>::max() / sizeof(T)) ||
+		    (count > std::numeric_limits<size_t>::max() / 2))
+		{
+			// Only way this should ever happen is with garbage input, terminate.
+			std::terminate();
+		}
+
 		if (count > buffer_capacity)
 		{
 			size_t target_capacity = buffer_capacity;
@@ -324,6 +333,8 @@ public:
 			if (target_capacity < N)
 				target_capacity = N;
 
+			// Need to ensure there is a POT value of target capacity which is larger than count,
+			// otherwise this will overflow.
 			while (target_capacity < count)
 				target_capacity <<= 1u;
author	Hans-Kristian Arntzen <post@arntzen-software.no>	2020-02-14 14:57:01 +0300
committer	Hans-Kristian Arntzen <post@arntzen-software.no>	2020-02-14 14:57:01 +0300
commit	92a4294c57d7d971f2e0a962e3c21a50b3cc8311 (patch)
tree	c71401cee3f9ac22ad53be6326de6067a5c5433e /spirv_cross_containers.hpp
parent	c53b34765d3680afdbb8e168c7e8490f8a58b1fa (diff)