[spirv][fuzz] Check for embedded null characters in remapped entry point

Strings in SPIR-V are null terminated, and these embedded null characters cause the SPIR-V parser to move on to the next operand prematurely. Fixed: 383379785 Fixed: 383379790 Change-Id: Id8ac0fe1f76e6d243b3da8e93f6c515c67c26b53 Reviewed-on: https://dawn-review.googlesource.com/c/dawn/+/219254 Reviewed-by: Ryan Harrison <[email protected]> Auto-Submit: James Price <[email protected]> Commit-Queue: Ryan Harrison <[email protected]> Commit-Queue: James Price <[email protected]>
google · Dec 12, 2024 · f30182a · f30182a
1 parent 1eff04c
commit f30182a
Showing 1 changed file with 9 additions and 3 deletions.
diff --git a/src/tint/lang/spirv/writer/writer_fuzz.cc b/src/tint/lang/spirv/writer/writer_fuzz.cc
@@ -38,9 +38,15 @@ namespace tint::spirv::writer {
 namespace {
 
 bool CanRun(const core::ir::Module& module, const Options& options) {
-    // If a remapped entry point name is provided, it must not be empty.
-    if (options.remapped_entry_point_name && options.remapped_entry_point_name->empty()) {
-        return false;
+    // If a remapped entry point name is provided, it must not be empty, and must not contain
+    // embedded null characters.
+    if (options.remapped_entry_point_name) {
+        if (options.remapped_entry_point_name->empty()) {
+            return false;
+        }
+        if (options.remapped_entry_point_name->find('\0') != std::string::npos) {
+            return false;
+        }
     }
 
     // Check for unsupported module-scope variable address spaces and types.