From 8d361dd235db4296236f1deb5a7525f104d68b71 Mon Sep 17 00:00:00 2001
From: Charles Giessen
Date: Mon, 15 Nov 2021 15:50:36 -0700
Subject: vulkaninfo: Prevent drivers writing out of bounds

The structure VkPhysicalDeviceShaderIntegerDotProdcutFeaturesKHR contains only a single feature boolean flag. However, before the final version was published to the public, it had many boolean flag values. Pre-release drivers often contain support for unpublished extensions, such as VK_KHR_shader_integer_dot_product. Because the final version was much smaller than the pre-release version, several drivers try to write to members that do not exist in the final version, which cause out of bounds writes to the features struct that vulkaninfo passes into the driver. By increasing the size of the features struct allocation manually, we can prevent potential crashes from OOBs writes from drivers.
---
 scripts/vulkaninfo_generator.py | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)
(limited to 'scripts/vulkaninfo_generator.py')
diff --git a/scripts/vulkaninfo_generator.py b/scripts/vulkaninfo_generator.py
index 0dbb4276..ceea1962 100644
--- a/scripts/vulkaninfo_generator.py
+++ b/scripts/vulkaninfo_generator.py
@@ -605,7 +605,14 @@ def PrintChainBuilders(listName, structures, all_structures):
 if s.name in structures:
 out += AddGuardHeader(s)
 if s.sTypeName is not None:
- out += f" {{{s.sTypeName}, sizeof({s.name})}},\n"
+ out += f" {{{s.sTypeName}, sizeof({s.name})"
+ # Specific versions of drivers have an incorrect definition of the size of this struct.
+ # We need to artificially increase it just so the driver doesn't write 'out of bounds' and cause
+ # difficult to debug crashes. This bug comes from the in-development version of the extension having
+ # a larger size than the final version, so older drivers try to writ to members which don't exist.
+ if s.sTypeName == "VK_STRUCTURE_TYPE_PHYSICAL_DEVICE_SHADER_INTEGER_DOT_PRODUCT_FEATURES_KHR":
+ out += " + 256" # Really make sure a driver wont write out of bounds
+ out += f"}},\n"
 out += AddGuardFooter(s)
 out += f" }};\n"
 return out
-- cgit v1.2.3
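Review bot: The `+ 256` padding appended for `VK_STRUCTURE_TYPE_PHYSICAL_DEVICE_SHADER_INTEGER_DOT_PRODUCT_FEATURES_KHR` is an unexplained magic number, so nothing in the hunk shows that it covers the largest pre-release layout a driver might still write; a driver whose stale definition exceeds `sizeof` plus 256 bytes would still write out of bounds. I would move it into a named module-level mapping such as `EXTRA_ALLOCATION_BYTES = {"VK_STRUCTURE_TYPE_PHYSICAL_DEVICE_SHADER_INTEGER_DOT_PRODUCT_FEATURES_KHR": 256}`, with a comment stating the pre-release struct size it was derived from, and emit `out += f" + {EXTRA_ALLOCATION_BYTES[s.sTypeName]}"` when the key is present. The workaround also relies on the consumer of this size entry (outside the hunk) using it only for allocation and presumably zero-filling the extra bytes, which is worth confirming, because the padding absorbs a stray driver write silently instead of reporting the faulty driver. Minor: `out += f"}},\n"` has no placeholders and can be the plain string `"},\n"`, and the new comment has typos (`writ`, `wont`). PrintChainBuilders starts before the hunk, so how the chain list is declared is not visible here.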