Fix segfault in SPIR-V header processing in SpirvInstructionHelper (#8428)

The `SpirvInstructionHelper::loadBlob()` method could segfault when
calling `m_headerWords.addRange()` if the SPIR-V blob contained
insufficient data for the required 5-word header.

To reproduce, run 
```
./build/Debug/bin/slangc.exe tests/modules/environment.slang -o tests/modules/environment.slang-module -target spirv -separate-debug-info

(0): error 57004: output SPIR-V contains no exported symbols. Please make sure to specify at least one entrypoint.
Segmentation fault
```
The error is expected, but the `Segmentation fault` is not.

This PR adds the check to ensure the SPIR-V blob has at least
`SPV_INDEX_INSTRUCTION_START * sizeof(SpvWord)` bytes (20 bytes minimum)
before attempting to process the header words.

Related to: https://github.com/shader-slang/slang/issues/7547

1 files changed, 2 insertions, 1 deletions

diff --git a/source/slang/slang-emit.cpp b/source/slang/slang-emit.cpp
index 31e6d17be..6725ac3de 100644
--- a/source/slang/slang-emit.cpp
+++ b/source/slang/slang-emit.cpp
@@ -2287,7 +2287,8 @@ public:
     {
         ComPtr<ISlangBlob> spirvBlob;
         SlangResult res = artifact->loadBlob(ArtifactKeep::Yes, spirvBlob.writeRef());
-        if (SLANG_FAILED(res) || !spirvBlob)
+        if (SLANG_FAILED(res) || !spirvBlob ||
+            spirvBlob->getBufferSize() < SPV_INDEX_INSTRUCTION_START * sizeof(SpvWord))
             return SLANG_FAIL;
 
         // Populate the full array of SPIR-V words.