[spirv][fuzz] Check for embedded null characters in remapped entry point
Strings in SPIR-V are null terminated, and these embedded null
characters cause the SPIR-V parser to move on to the next operand
prematurely.
Fixed: 383379785
Fixed: 383379790
Change-Id: Id8ac0fe1f76e6d243b3da8e93f6c515c67c26b53
Reviewed-on: https://dawn-review.googlesource.com/c/dawn/+/219254
Reviewed-by: Ryan Harrison <rharrison@chromium.org>
Auto-Submit: James Price <jrprice@google.com>
Commit-Queue: Ryan Harrison <rharrison@chromium.org>
Commit-Queue: James Price <jrprice@google.com>
diff --git a/src/tint/lang/spirv/writer/writer_fuzz.cc b/src/tint/lang/spirv/writer/writer_fuzz.cc
index 1f7d866..f1bdf05 100644
--- a/src/tint/lang/spirv/writer/writer_fuzz.cc
+++ b/src/tint/lang/spirv/writer/writer_fuzz.cc
@@ -38,9 +38,15 @@
namespace {
bool CanRun(const core::ir::Module& module, const Options& options) {
- // If a remapped entry point name is provided, it must not be empty.
- if (options.remapped_entry_point_name && options.remapped_entry_point_name->empty()) {
- return false;
+ // If a remapped entry point name is provided, it must not be empty, and must not contain
+ // embedded null characters.
+ if (options.remapped_entry_point_name) {
+ if (options.remapped_entry_point_name->empty()) {
+ return false;
+ }
+ if (options.remapped_entry_point_name->find('\0') != std::string::npos) {
+ return false;
+ }
}
// Check for unsupported module-scope variable address spaces and types.
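Review bot: The new `find('\0')` check sits only in the fuzzer's `CanRun` gate, so it filters this input out of fuzzing rather than making the SPIR-V writer reject it; a non-fuzzer caller that passes a `remapped_entry_point_name` with an embedded null would presumably still get a module whose entry point string ends early, with the rest parsed as the next operand. Whether the writer validates the name elsewhere is not visible in this hunk, so please either confirm that or record the precondition next to the check, e.g. `// NOTE: callers of the writer must enforce this too; the writer does not validate the name itself.` If the writer has no such check, returning a failure from its own option validation would be the stronger fix, and `CanRun` could then defer to it instead of duplicating the rule. `CanRun`'s body continues past the end of the hunk.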