@@ -1934,7 +1934,22 @@ static int shader_parse_signature(const struct vkd3d_shader_dxbc_section_desc *s
 read_dword(&ptr, &count);
 TRACE("%u elements.\n", count);
- skip_dword_unknown(&ptr, 1); /* It seems to always be 0x00000008. */
+ read_dword(&ptr, &header_size);
+ if (header_size & (sizeof(uint32_t) - 1))
+ {
+ WARN("Header size %#x is not 32-bit aligned.\n", header_size);
+ return VKD3D_ERROR_INVALID_ARGUMENT;
+ }
+ header_size /= sizeof(uint32_t);
+ if (header_size < 2)
+ {
+ WARN("Invalid header size %u.\n", header_size);
+ }
+ else
+ {
+ for (header_size -= 2; header_size; --header_size)
+ skip_dword_unknown(&ptr, 1);
+ }
 if (!require_space(ptr - data, count, 6 * sizeof(uint32_t), section->data.size))
 {
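Review bot: The `header_size < 2` branch only logs and then carries on parsing, whereas the alignment check just above it returns `VKD3D_ERROR_INVALID_ARGUMENT`. A header that claims to be smaller than the two DWORDs already consumed (the element count and the header size itself) is malformed, so the element table that follows is read from an offset the blob contradicts. I would reject it the same way, `WARN("Invalid header size %#x.\n", header_size * (unsigned int)sizeof(uint32_t)); return VKD3D_ERROR_INVALID_ARGUMENT;`, which also removes the need for the `else`. Note that the current message prints the value after the division, so it is in DWORDs while the alignment message is in bytes. The declaration of `header_size` and the rest of shader_parse_signature() are outside the hunk, so its type could not be checked against `%#x`/`%u` here.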
We should validate with require_space() that there is sufficient space left in the section to read the header.
When called from vkd3d_shader_parse_input_signature() in particular, ideally we'd use vkd3d_shader_error() to report parsing errors. This will require plumbing "message_context" from for_each_dxbc_section() through to "section_handler", and that's not an issue introduced in this patch, but since we're touching it...