From a943600019969ce0382821e7ee19ef4b990564cb Mon Sep 17 00:00:00 2001
From: v1993 <v19930312@gmail.com>
Date: Mon, 17 Jan 2022 12:45:34 +0300
Subject: shader_recompiler: fix potential OOB access

Found by static analysis with PVS-Studio. Original check wasn't actually checking for OOB and would segfault in case of it.
---
 src/shader_recompiler/backend/glsl/glsl_emit_context.cpp   | 7 ++++---
 src/shader_recompiler/backend/spirv/spirv_emit_context.cpp | 7 ++++---
 2 files changed, 8 insertions(+), 6 deletions(-)

(limited to 'src')

diff --git a/src/shader_recompiler/backend/glsl/glsl_emit_context.cpp b/src/shader_recompiler/backend/glsl/glsl_emit_context.cpp
index bb7f1a0fd..e816a93ec 100644
--- a/src/shader_recompiler/backend/glsl/glsl_emit_context.cpp
+++ b/src/shader_recompiler/backend/glsl/glsl_emit_context.cpp
@@ -458,9 +458,10 @@ void EmitContext::DefineGenericOutput(size_t index, u32 invocations) {
         std::string definition{fmt::format("layout(location={}", index)};
         const u32 remainder{4 - element};
         const TransformFeedbackVarying* xfb_varying{};
-        if (!runtime_info.xfb_varyings.empty()) {
-            xfb_varying = &runtime_info.xfb_varyings[base_index + element];
-            xfb_varying = xfb_varying && xfb_varying->components > 0 ? xfb_varying : nullptr;
+        const size_t xfb_varying_index{base_index + element};
+        if (xfb_varying_index < runtime_info.xfb_varyings.size()) {
+            xfb_varying = &runtime_info.xfb_varyings[xfb_varying_index];
+            xfb_varying = xfb_varying->components > 0 ? xfb_varying : nullptr;
         }
         const u32 num_components{xfb_varying ? xfb_varying->components : remainder};
         if (element > 0) {
diff --git a/src/shader_recompiler/backend/spirv/spirv_emit_context.cpp b/src/shader_recompiler/backend/spirv/spirv_emit_context.cpp
index d3ba66569..cd90c084a 100644
--- a/src/shader_recompiler/backend/spirv/spirv_emit_context.cpp
+++ b/src/shader_recompiler/backend/spirv/spirv_emit_context.cpp
@@ -164,9 +164,10 @@ void DefineGenericOutput(EmitContext& ctx, size_t index, std::optional<u32> invo
     while (element < 4) {
         const u32 remainder{4 - element};
         const TransformFeedbackVarying* xfb_varying{};
-        if (!ctx.runtime_info.xfb_varyings.empty()) {
-            xfb_varying = &ctx.runtime_info.xfb_varyings[base_attr_index + element];
-            xfb_varying = xfb_varying && xfb_varying->components > 0 ? xfb_varying : nullptr;
+        const size_t xfb_varying_index{base_attr_index + element};
+        if (xfb_varying_index < ctx.runtime_info.xfb_varyings.size()) {
+            xfb_varying = &ctx.runtime_info.xfb_varyings[xfb_varying_index];
+            xfb_varying = xfb_varying->components > 0 ? xfb_varying : nullptr;
         }
         const u32 num_components{xfb_varying ? xfb_varying->components : remainder};
 
-- 
cgit v1.2.3