31 Jan 2024, 11:56 a.m.
Giovanni Mascellani (@giomasce) commented about libs/vkd3d-shader/dxbc.c:
+ buffer_offset = read_u32(&ptr); + /* Resource count and offset; not currently used. */ + read_u32(&ptr); + read_u32(&ptr); + profile = read_u32(&ptr); + + is_sm5 = ((profile >> DXBC_PROFILE_MAJOR_VERSION_SHIFT) & DXBC_PROFILE_MAJOR_VERSION_MASK) >= 5; + + if (buffer_count) + { + struct vkd3d_shader_d3d_buffer *buffers; + + if (!(buffers = vkd3d_calloc(buffer_count, sizeof(*buffers)))) + return VKD3D_ERROR_OUT_OF_MEMORY; + + ptr = data + buffer_offset; Shouldn't this and similar computations elsewhere require some bound checking?
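Review bot: At `ptr = data + buffer_offset;`, `buffer_offset` comes straight from `read_u32(&ptr)` on the input blob, and nothing visible in this hunk compares it with the size of `data`, so a malformed shader can point `ptr` outside the section before the buffer entries are read. `buffer_count` needs the same treatment: the range `buffer_offset` plus `buffer_count` times the per-entry size should be checked against the section size, with the arithmetic done so that it cannot wrap in 32 bits, and the function should return an error before `vkd3d_calloc` is called when the range does not fit. The leading `read_u32(&ptr)` calls for the header fields deserve the same check that enough bytes remain, if that is not already done above this hunk.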
-- https://gitlab.winehq.org/wine/vkd3d/-/merge_requests/606#note_59605