Fix parser assert failure for a bad OpSwitch

Emit a diagnostic if the OpSwitch selector refers to an ID that is valid but has no type. Discovered by afl-fuzz.
author: David Neto <dneto@google.com> 2015-12-23 13:21:43 -0500
committer: David Neto <dneto@google.com> 2016-01-05 11:25:58 -0500
commit: 3664bd5670d95cde15a04b58cc1c4ab96f5b6e47 (patch)
tree: d207e26160de38e6bedd0408f34a0590b093a4eb /source/binary.cpp
parent: 1a3734d265b7f6ca5e0de8dc672a9b2986cf46d0 (diff)
1 files changed, 3 insertions, 2 deletions
diff --git a/source/binary.cpp b/source/binary.cpp
index 533fe7f9..99cf30f2 100755
--- a/source/binary.cpp
+++ b/source/binary.cpp
@@ -555,8 +555,9 @@ spv_result_t Parser::parseOperand(size_t inst_offset,
         // The literal operands have the same type as the value
         // referenced by the selector Id.
         const uint32_t selector_id = peekAt(inst_offset + 1);
-        auto type_id_iter = _.id_to_type_id.find(selector_id);
-        if (type_id_iter == _.id_to_type_id.end()) {
+        const auto type_id_iter = _.id_to_type_id.find(selector_id);
+        if (type_id_iter == _.id_to_type_id.end() ||
+            type_id_iter->second == 0) {
           return diagnostic() << "Invalid OpSwitch: selector id " << selector_id
                               << " has no type";
         }
author	David Neto <dneto@google.com>	2015-12-23 13:21:43 -0500
committer	David Neto <dneto@google.com>	2016-01-05 11:25:58 -0500
commit	3664bd5670d95cde15a04b58cc1c4ab96f5b6e47 (patch)
tree	d207e26160de38e6bedd0408f34a0590b093a4eb /source/binary.cpp
parent	1a3734d265b7f6ca5e0de8dc672a9b2986cf46d0 (diff)