reader/spirv: Propagate errors during composite extraction
This prevents nullptr dereferences when invalid OpConstantComposite
instructions make it past spirv-val.
Fixed: chromium:1231650
Change-Id: Iddfe04dcfdce382096ae7dec7af8718b579f7951
Reviewed-on: https://dawn-review.googlesource.com/c/tint/+/61080
Auto-Submit: James Price <jrprice@google.com>
Kokoro: Kokoro <noreply+kokoro@google.com>
Commit-Queue: James Price <jrprice@google.com>
Reviewed-by: David Neto <dneto@google.com>
diff --git a/src/reader/spirv/function.cc b/src/reader/spirv/function.cc
index b4aeaec..f5dcc36 100644
--- a/src/reader/spirv/function.cc
+++ b/src/reader/spirv/function.cc
@@ -4399,6 +4399,10 @@
auto composite_index = 0;
auto first_index_position = 1;
TypedExpression current_expr(MakeOperand(inst, composite_index));
+ if (!current_expr) {
+ return {};
+ }
+
const auto composite_id = inst.GetSingleWordInOperand(composite_index);
auto current_type_id = def_use_mgr_->GetDef(composite_id)->type_id();
@@ -4474,6 +4478,7 @@
if (index_val >= kMaxVectorLen) {
Fail() << "internal error: swizzle index " << index_val
<< " is too big. Max handled index is " << kMaxVectorLen - 1;
+ return {};
}
next_expr = create<ast::MemberAccessorExpression>(
Source{}, current_expr.expr, Swizzle(index_val));
diff --git a/src/reader/spirv/function.h b/src/reader/spirv/function.h
index b803ad5..f128b41 100644
--- a/src/reader/spirv/function.h
+++ b/src/reader/spirv/function.h
@@ -762,7 +762,8 @@
/// Makes an expression from a SPIR-V ID.
/// if the SPIR-V result type is a pointer.
/// @param id the SPIR-V ID of the value
- /// @returns true if emission has not yet failed.
+ /// @returns an AST expression for the instruction, or an invalid
+ /// TypedExpression on error.
TypedExpression MakeExpression(uint32_t id);
/// Creates an expression and supporting statements for a combinatorial
