Fix buffer read overrun in linker

Fixes an ASAN failure. Was occuring when generating the OpModuleProcessed instruction declaring that this module was processed by the linker.
author: David Neto <dneto@google.com> 2018-06-12 16:27:47 -0400
committer: David Neto <dneto@google.com> 2018-06-13 10:18:04 -0400
commit: b49cbf09c27ac2f89c885699bcfcfe283f3bb2e8 (patch)
tree: 350331a35e4d1f92794d672b3afe60c9119b12a0 /source/link
parent: 1f7b1f1bf796bcb47955c449d76102fb3cbc9ec1 (diff)
1 files changed, 5 insertions, 4 deletions
diff --git a/source/link/linker.cpp b/source/link/linker.cpp
index 49cda4bd..50d18707 100644
--- a/source/link/linker.cpp
+++ b/source/link/linker.cpp
@@ -456,10 +456,11 @@ static spv_result_t MergeModules(const MessageConsumer& consumer,
   // OpModuleProcessed instruction about the linking step.
   if (linked_module->version() >= 0x10100) {
     const std::string processed_string("Linked by SPIR-V Tools Linker");
-    const size_t words_nb =
-        processed_string.size() / 4u + (processed_string.size() % 4u != 0u);
-    std::vector<uint32_t> processed_words(words_nb, 0u);
-    std::memcpy(processed_words.data(), processed_string.data(), words_nb * 4u);
+    const auto num_chars = processed_string.size();
+    // Compute num words, accommodate the terminating null character.
+    const auto num_words = (num_chars + 1 + 3) / 4;
+    std::vector<uint32_t> processed_words(num_words, 0u);
+    std::memcpy(processed_words.data(), processed_string.data(), num_chars);
     linked_module->AddDebug3Inst(std::unique_ptr<Instruction>(
         new Instruction(linked_context, SpvOpModuleProcessed, 0u, 0u,
                         {{SPV_OPERAND_TYPE_LITERAL_STRING, processed_words}})));
author	David Neto <dneto@google.com>	2018-06-12 16:27:47 -0400
committer	David Neto <dneto@google.com>	2018-06-13 10:18:04 -0400
commit	b49cbf09c27ac2f89c885699bcfcfe283f3bb2e8 (patch)
tree	350331a35e4d1f92794d672b3afe60c9119b12a0 /source/link
parent	1f7b1f1bf796bcb47955c449d76102fb3cbc9ec1 (diff)