Skip to content

Commit

Permalink
Fix for invalid swizzle causing crash (#4690)
Browse files Browse the repository at this point in the history
* Fix for invalid swizzle causing crash

Fixes #4689

If swizzle code is provided 5+ element swizzle the checkSwizzleExpr code will do an out of bounds array access and crash.

* switch test to check for to ensure no crash

* cleanup swizzle errors to only emit once

---------

Co-authored-by: Yong He <[email protected]>
  • Loading branch information
ArielG-NV and csyonghe authored Jul 19, 2024
1 parent f114433 commit 4ae58a7
Show file tree
Hide file tree
Showing 2 changed files with 22 additions and 4 deletions.
15 changes: 11 additions & 4 deletions source/slang/slang-check-expr.cpp
Original file line number Diff line number Diff line change
Expand Up @@ -3743,9 +3743,8 @@ namespace Slang
case 'w': case 'a': elementIndex = 3; break;
default:
// An invalid character in the swizzle is an error
getSink()->diagnose(swizExpr, Diagnostics::invalidSwizzleExpr, swizzleText, baseElementType->toString());
anyError = true;
continue;
break;
}

// TODO(tfoley): GLSL requires that all component names
Expand All @@ -3754,9 +3753,16 @@ namespace Slang
// Make sure the index is in range for the source type
if (elementIndex >= limitElement)
{
getSink()->diagnose(swizExpr, Diagnostics::invalidSwizzleExpr, swizzleText, baseElementType->toString());
anyError = true;
continue;
break;
}

// If elementCount is already at 4 stop trying to assign a swizzle element and send an error,
// we cannot have more valid swizzle elements than 4.
if (elementCount >= 4)
{
anyError = true;
break;
}

// Check if we've seen this index before
Expand All @@ -3778,6 +3784,7 @@ namespace Slang

if (anyError)
{
getSink()->diagnose(swizExpr, Diagnostics::invalidSwizzleExpr, swizzleText, baseElementType->toString());
return CreateErrorExpr(memberRefExpr);
}
else if (elementCount == 1)
Expand Down
11 changes: 11 additions & 0 deletions tests/bugs/invalid-swizzle-count.slang
Original file line number Diff line number Diff line change
@@ -0,0 +1,11 @@
//TEST:SIMPLE(filecheck=CHECK): -target spirv -stage compute -entry computeMain -emit-spirv-directly
// CHECK: error 30052
// CHECK-NOT: error 30052
RWStructuredBuffer<float> outputBuffer;

[numthreads(1,1,1)]
void computeMain( uint2 dispatchThreadID : SV_DispatchThreadID )
{
float4 vecVal = float4(0);
outputBuffer[0] = vecVal.xxtyxx;
}

0 comments on commit 4ae58a7

Please sign in to comment.