From 8bcf6c443bbd24498e67ae54f06c2ad933421738 Mon Sep 17 00:00:00 2001
From: Gangzheng Tong
Date: Wed, 10 Sep 2025 16:25:31 -0700
Subject: Fix segfault in SPIR-V header processing in SpirvInstructionHelper (#8428)
The `SpirvInstructionHelper::loadBlob()` method could segfault when calling `m_headerWords.addRange()` if the SPIR-V blob contained insufficient data for the required 5-word header. To reproduce, run
```
./build/Debug/bin/slangc.exe tests/modules/environment.slang -o tests/modules/environment.slang-module -target spirv -separate-debug-info
(0): error 57004: output SPIR-V contains no exported symbols. Please make sure to specify at least one entrypoint.
Segmentation fault
```
The error is expected, but the `Segmentation fault` is not. This PR adds the check to ensure the SPIR-V blob has at least `SPV_INDEX_INSTRUCTION_START * sizeof(SpvWord)` bytes (20 bytes minimum) before attempting to process the header words.
Related to: https://github.com/shader-slang/slang/issues/7547
---
 source/slang/slang-emit.cpp | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
(limited to 'source')
diff --git a/source/slang/slang-emit.cpp b/source/slang/slang-emit.cpp
index 31e6d17be..6725ac3de 100644
--- a/source/slang/slang-emit.cpp
+++ b/source/slang/slang-emit.cpp
@@ -2287,7 +2287,8 @@ public:
 {
 ComPtr spirvBlob;
 SlangResult res = artifact->loadBlob(ArtifactKeep::Yes, spirvBlob.writeRef());
- if (SLANG_FAILED(res) || !spirvBlob)
+ if (SLANG_FAILED(res) || !spirvBlob ||
+ spirvBlob->getBufferSize() < SPV_INDEX_INSTRUCTION_START * sizeof(SpvWord))
 return SLANG_FAIL;
 // Populate the full array of SPIR-V words.
-- cgit v1.2.3
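Review bot: The added size guard in the `if` only proves the blob holds the header words; it does not check that `getBufferSize()` is a whole number of `SpvWord`s, so a blob with trailing partial-word bytes still passes and the word count derived after this hunk would presumably round down silently. Consider extending the condition with `|| spirvBlob->getBufferSize() % sizeof(SpvWord) != 0`, and adding a comment above it such as `// A SPIR-V module begins with SPV_INDEX_INSTRUCTION_START header words; reject shorter or misaligned blobs before copying them.` The enclosing function starts and continues outside the hunk, so whether the later instruction walk checks each instruction's word count against the words remaining cannot be confirmed from here and is worth verifying, since the same kind of malformed blob that triggered this crash could also carry a truncated final instruction.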