From cb8f3308a3e24388ee0e28ceb5a0b5bbeafdd24b Mon Sep 17 00:00:00 2001
From: James Price <jrprice@google.com>
Date: Wed, 3 May 2023 23:11:55 +0000
Subject: [PATCH] spirv-reader: Error for OpUndef image argument

We can't generate meaningful WGSL for this case, so just avoid
crashing.

Bug: oss-fuzz:58112
Change-Id: I6c02d9113c237171fdafcd06e063a62f26cae9c0
Reviewed-on: https://dawn-review.googlesource.com/c/dawn/+/128900
Kokoro: Kokoro <noreply+kokoro@google.com>
Commit-Queue: James Price <jrprice@google.com>
Reviewed-by: David Neto <dneto@google.com>
---
 src/tint/reader/spirv/function.cc             |  3 +++
 .../reader/spirv/parser_impl_handle_test.cc   | 25 +++++++++++++++++++
 2 files changed, 28 insertions(+)

diff --git a/src/tint/reader/spirv/function.cc b/src/tint/reader/spirv/function.cc
index 8061f749c4..45f6b35f4d 100644
--- a/src/tint/reader/spirv/function.cc
+++ b/src/tint/reader/spirv/function.cc
@@ -5183,6 +5183,9 @@ bool FunctionEmitter::EmitFunctionCall(const spvtools::opt::Instruction& inst) {
             const auto usage = parser_impl_.GetHandleUsage(arg_id);
             const auto* mem_obj_decl =
                 parser_impl_.GetMemoryObjectDeclarationForHandle(arg_id, usage.IsTexture());
+            if (!mem_obj_decl) {
+                return Fail() << "invalid handle object passed as function parameter";
+            }
             expr = MakeExpression(mem_obj_decl->result_id());
             // Pass the handle through instead of a pointer to the handle.
             expr.type = parser_impl_.GetHandleTypeForSpirvHandle(*mem_obj_decl);
diff --git a/src/tint/reader/spirv/parser_impl_handle_test.cc b/src/tint/reader/spirv/parser_impl_handle_test.cc
index dd572b6ce3..15a62a60b0 100644
--- a/src/tint/reader/spirv/parser_impl_handle_test.cc
+++ b/src/tint/reader/spirv/parser_impl_handle_test.cc
@@ -4236,5 +4236,30 @@ return;
     ASSERT_EQ(expect, got);
 }
 
+TEST_F(SpvParserHandleTest, OpUndef_FunctionParam) {
+    // We can't generate reasonable WGSL when an OpUndef is passed as an argument to a function
+    // parameter that is expecting an image object, so just make sure that we do not crash.
+    const auto assembly = Preamble() + FragMain() + " " + CommonTypes() + R"(
+     %f_ty = OpTypeFunction %void %f_storage_1d
+     %20 = OpUndef %f_storage_1d
+
+     %func = OpFunction %void None %f_ty
+     %im = OpFunctionParameter %f_storage_1d
+     %func_entry = OpLabel
+     OpImageWrite %im %uint_1 %v4float_null
+     OpReturn
+     OpFunctionEnd
+
+     %main = OpFunction %void None %voidfn
+     %entry = OpLabel
+     %foo = OpFunctionCall %void %func %20
+     OpReturn
+     OpFunctionEnd
+  )";
+    auto p = parser(test::Assemble(assembly));
+    EXPECT_FALSE(p->BuildAndParseInternalModule());
+    EXPECT_EQ(p->error(), "invalid handle object passed as function parameter");
+}
+
 }  // namespace
 }  // namespace tint::reader::spirv