Fix validator mem overflow when tracking capabilities

diff --git a/source/validate.h b/source/validate.h
index b94fed2..4374410 100644 (file)
--- a/source/validate.h
+++ b/source/validate.h
@@ -287,6 +287,9 @@ class ValidationState_t {
 
   Functions module_functions_;
 
+  // We are using vector to map the ID of the capability to its availability.
+  // The size of the vector needs to be the maximum ID plus one to cover the
+  // entire range of the capability.
   std::vector<bool> module_capabilities_;
 
   // Definitions and uses of all the IDs in the module.

diff --git a/source/validate_types.cpp b/source/validate_types.cpp
index 3631214..1efb8a9 100644 (file)
--- a/source/validate_types.cpp
+++ b/source/validate_types.cpp
@@ -204,12 +204,9 @@ bool IsInstructionInLayoutSection(ModuleLayoutSection layout, SpvOp op) {
   return out;
 }
 
-// NOTE: We are using vector to map the ID of the capability to its
-// availability. this variable needs to be the maximum id plus one to cover the
-// entire range of the capability. Currently capability 26 is missing so the
-// count is actually 54
-// The maximum ID of capabilities plus one
-static const size_t kCapabilitiesCount = 56;
+// This variable is the maximum ID of capabilities.
+static const size_t kCapabilitiesMaxValue =
+    SpvCapabilityStorageImageWriteWithoutFormat;
 
 }  // anonymous namespace
 
@@ -224,7 +221,7 @@ ValidationState_t::ValidationState_t(spv_diagnostic* diagnostic,
       operand_names_{},
       current_layout_section_(kLayoutCapabilities),
       module_functions_(*this),
-      module_capabilities_(kCapabilitiesCount, false) {}
+      module_capabilities_(kCapabilitiesMaxValue + 1, false) {}
 
 spv_result_t ValidationState_t::forwardDeclareId(uint32_t id) {
   unresolved_forward_ids_.insert(id);