tint: Limit const expr vector reserve size

The `el_count` will match the WGSL declared array size *before validation*.
Fuzzers have started triggering out-of-memory cases by constructing large constant arrays, just to then error out.

Bug: chromium:1343963
Change-Id: I537ff3a570fe56b40e510b3bc6dfcd9b9752386a
Reviewed-on: https://dawn-review.googlesource.com/c/dawn/+/96102
Commit-Queue: Ben Clayton <bclayton@google.com>
Kokoro: Kokoro <noreply+kokoro@google.com>
Reviewed-by: Corentin Wallez <cwallez@chromium.org>
Ben Clayton 2022-07-13 14:28:23 +00:00 committed by Dawn LUCI CQ
parent 4a9ce59cb2
commit 2a8c00f53a
1 changed files with 1 additions and 1 deletions

@ -434,7 +434,7 @@ const sem::Constant* Resolver::EvaluateCtorOrConvValue(
// Multiple arguments. Must be a type constructor.
std::vector<const Constant*> els; // The constant elements for the composite constant.
els.reserve(el_count);
els.reserve(std::min<uint32_t>(el_count, 256u)); // min() as el_count is unbounded input
// Helper for pushing all the argument constants to `els`.
auto push_all_args = [&] {
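Review bot: The cap `256u` in `els.reserve(std::min<uint32_t>(el_count, 256u));` is an unnamed magic number, and the inline comment explains why a `min()` is needed but not why 256 was chosen. Consider hoisting it into a named constexpr with a short rationale so the limit can be found and tuned later. The explicit `std::min<uint32_t>` also converts both operands to `uint32_t` before comparing, so it is worth confirming that `el_count` is declared no wider than that; otherwise a large value would be truncated silently. Note that this only bounds the up-front reservation: `push_all_args` can still grow `els` beyond 256 elements through normal reallocation, so the fix relies on validation rejecting oversized arrays before the elements are actually pushed. Since the commit touches a single file, a regression test that declares a very large constant array and expects a validation error, not an allocation failure, would be a useful follow-up.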