From 00e7bbd8f3074bc3dbf80f7cf250909e370b426f Mon Sep 17 00:00:00 2001
From: Marijn Suijten
Date: Mon, 1 Mar 2021 10:07:27 +0100
Subject: [PATCH] Fix safe CmdBuildAccelerationStructuresIndirect signature and add extra length validation (#365)

* khr/acceleration_structure: Fix fn signature of indirect build cmd

max_primitive_counts is an array of arrays, not an array of references to single u32's.

* khr/acceleration_structure: Validate array length against geometry_count

This is a safe wrapper that already iterates over all the slice references (fat pointers) to collect just the pointers for use in the Vulkan API. It can and should at the same time make sure these slices are of the specified length to prevent accidental out-of-bounds reads.
---
 .../extensions/khr/acceleration_structure.rs | 34 ++++++++++++-------
 1 file changed, 21 insertions(+), 13 deletions(-)

diff --git a/ash/src/extensions/khr/acceleration_structure.rs b/ash/src/extensions/khr/acceleration_structure.rs
index efe1d5a..1a24647 100644
--- a/ash/src/extensions/khr/acceleration_structure.rs
+++ b/ash/src/extensions/khr/acceleration_structure.rs
@@ -42,18 +42,14 @@ impl AccelerationStructure {
 allocation_callbacks: Option<&vk::AllocationCallbacks>,
 ) -> VkResult {
 let mut accel_struct = mem::zeroed();
- let err_code = self
- .acceleration_structure_fn
+ self.acceleration_structure_fn
 .create_acceleration_structure_khr(
 self.handle,
 create_info,
 allocation_callbacks.as_raw_ptr(),
 &mut accel_struct,
- );
- match err_code {
- vk::Result::SUCCESS => Ok(accel_struct),
- _ => Err(err_code),
- }
+ )
+ .result_with_success(accel_struct)
 }
 
 #[doc = ""]
@@ -81,8 +77,12 @@ impl AccelerationStructure {
 
 let build_range_infos = build_range_infos
 .iter()
- .map(|slice| slice.as_ptr())
- .collect::>();
+ .zip(infos.iter())
+ .map(|(range_info, info)| {
+ assert_eq!(range_info.len(), info.geometry_count as usize);
+ range_info.as_ptr()
+ })
+ .collect::>();
 
 self.acceleration_structure_fn
 .cmd_build_acceleration_structures_khr(
@@ -100,7 +100,7 @@ impl AccelerationStructure {
 infos: &[vk::AccelerationStructureBuildGeometryInfoKHR],
 indirect_device_addresses: &[vk::DeviceAddress],
 indirect_strides: &[u32],
- max_primitive_counts: &[&u32],
+ max_primitive_counts: &[&[u32]],
 ) {
 assert_eq!(infos.len(), indirect_device_addresses.len());
 assert_eq!(infos.len(), indirect_strides.len());
@@ -108,7 +108,11 @@ impl AccelerationStructure {
 
 let max_primitive_counts = max_primitive_counts
 .iter()
- .map(|cnt| *cnt as *const _)
+ .zip(infos.iter())
+ .map(|(cnt, info)| {
+ assert_eq!(cnt.len(), info.geometry_count as usize);
+ cnt.as_ptr()
+ })
 .collect::>();
 
 self.acceleration_structure_fn
@@ -133,8 +137,12 @@ impl AccelerationStructure {
 
 let build_range_infos = build_range_infos
 .iter()
- .map(|slice| slice.as_ptr())
- .collect::>();
+ .zip(infos.iter())
+ .map(|(range_info, info)| {
+ assert_eq!(range_info.len(), info.geometry_count as usize);
+ range_info.as_ptr()
+ })
+ .collect::>();
 
 self.acceleration_structure_fn
 .build_acceleration_structures_khr(
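Review bot: In the `@@ -81,8 +77,12 @@` hunk the new `.zip(infos.iter())` stops at the shorter of the two slices, so the per-element `assert_eq!` only makes the call safe if `build_range_infos.len() == infos.len()` is already enforced. That precondition is not visible in this hunk (the function starts above it and the call arguments follow below it); if it is missing, add `assert_eq!(infos.len(), build_range_infos.len());` before the chain, otherwise the collected pointer array can end up shorter than the element count passed with it (presumably `infos.len()`). The same applies to the `max_primitive_counts` chain at `@@ -108,7 +108,11 @@`, where the line between that hunk and the preceding one is not shown, and to the `build_range_infos` chain at `@@ -133,8 +137,12 @@`.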
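Review bot: The `max_primitive_counts: &[&[u32]]` parameter at `@@ -100,7 +100,7 @@` now carries a length contract that nothing on the signature documents: each inner slice must hold `geometry_count` entries for the matching element of `infos`, and the wrapper panics otherwise (the assert is in the following hunk). I would add a doc comment on the function with a `# Panics` section, e.g. `/// Panics if max_primitive_counts[i].len() != infos[i].geometry_count for any i.` The parameter type change is also source-breaking for existing callers, so it deserves a changelog entry if the project keeps one. The function body continues outside the hunk.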