NULL-pointer dereference in Pass::FindOffsetInStruct() #11348

@corporateshark

Environment:

  • OS: Windows 10
  • GPU and driver version: RTX 3070 Ti, 591.59
  • SDK or header version if building from repo: Vulkan SDK 1.4.335
  • Options enabled (synchronization, best practices, etc.): Core, Synchronization, GPU-AV

Describe the Issue

NULL-pointer dereference in pass.cpp in Pass::FindOffsetInStruct():

case SpvType::kStruct: {
    // Get buffer byte offset for the referenced member
    current_offset = GetMemberDecoration(current_type_id, constant_value, spv::DecorationOffset)->Word(4);

When creating a rendering pipeline using this Slang shader:

float4x4 operator*(float4x4 a, float4x4 b) { return mul(b, a); }
float4   operator*(float4x4 a, float4   b) { return mul(b, a); }

struct PerFrame {
  float4x4 proj[2];
  float4x4 view[2];
};

struct PushConstants {
  PerFrame* bufPerFrame;
  uint texSkyBox;
};

[[vk::push_constant]] PushConstants pc;

struct VSOutput {
  float4 position : SV_Position;
  float3 dir : TEXCOORD0;
};

static const float3 pos[8] = {
  float3(-1.0,-1.0, 1.0),
  float3( 1.0,-1.0, 1.0),
  float3( 1.0, 1.0, 1.0),
  float3(-1.0, 1.0, 1.0),
  float3(-1.0,-1.0,-1.0),
  float3( 1.0,-1.0,-1.0),
  float3( 1.0, 1.0,-1.0),
  float3(-1.0, 1.0,-1.0)
};

static const int indices[36] = {
  0, 1, 2, 2, 3, 0,
  1, 5, 6, 6, 2, 1,
  7, 6, 5, 5, 4, 7,
  4, 0, 3, 3, 7, 4,
  4, 5, 1, 1, 0, 4,
  3, 2, 6, 6, 7, 3
};

float4x4 fromMat3(float3x3 m) {
  return float4x4(float4(m[0], 0.0),
                  float4(m[1], 0.0),
                  float4(m[2], 0.0),
                  float4(0.0, 0.0, 0.0, 1.0));
}

[shader("vertex")]
VSOutput vertexMain(uint vertexIndex : SV_VertexID, uint viewIndex : SV_ViewID) {
  PerFrame* perFrame = pc.bufPerFrame;

  int idx = indices[vertexIndex];

  VSOutput out;
  out.position = perFrame[0].proj[viewIndex] *
                 fromMat3((float3x3)perFrame[0].view[viewIndex]) * float4(50.0 * pos[idx], 1.0);

  out.dir = pos[idx].zxy;

  return out;
}

[shader("fragment")]
float4 fragmentMain(VSOutput input) : SV_Target {
  return float4(0, 0, 0, 1);
}

Full repro code: https://github.com/corporateshark/lightweightvk/blob/414de8e20d3d86211c3875c57c519b9755391411/samples/DEMO_001_SolarSystem.cpp#L191

Expected behavior

No crash.
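
The crash site chains `->Word(4)` directly onto the result of a decoration lookup. The following is an added example, not code from the validation layers or from the reporter: a self-contained model of that lookup over a constructed SPIR-V word stream, with the guard placed before the offset literal is read. The names `FindMemberDecoration`, `MemberOffset` and `SampleModule`, and the ids 7 and 9, are hypothetical; that the real `GetMemberDecoration()` returns null when no matching decoration exists is an assumption.

```cpp
#include <cstdint>
#include <cstdio>
#include <optional>
#include <vector>

// Constructed model of the lookup; not the validation layers' own types.
constexpr uint32_t kOpMemberDecorate = 72;  // SPIR-V opcode
constexpr uint32_t kDecorationOffset = 35;  // spv::DecorationOffset

// Walk an instruction stream (module header already skipped). Returns a pointer to
// word 0 of the matching OpMemberDecorate, or nullptr when none exists.
const uint32_t* FindMemberDecoration(const std::vector<uint32_t>& words, uint32_t struct_id,
                                     uint32_t member, uint32_t decoration) {
    for (std::size_t i = 0; i < words.size();) {
        const uint32_t word_count = words[i] >> 16;
        const uint32_t opcode = words[i] & 0xFFFFu;
        if (word_count == 0 || word_count > words.size() - i) return nullptr;  // malformed
        if (opcode == kOpMemberDecorate && word_count >= 4 && words[i + 1] == struct_id &&
            words[i + 2] == member && words[i + 3] == decoration) {
            return &words[i];
        }
        i += word_count;
    }
    return nullptr;
}

// Guarded read of word 4 (the Offset literal): a missing decoration, or one too
// short to carry a literal, becomes "no value" instead of a null dereference.
std::optional<uint32_t> MemberOffset(const std::vector<uint32_t>& words, uint32_t struct_id,
                                     uint32_t member) {
    const uint32_t* inst = FindMemberDecoration(words, struct_id, member, kDecorationOffset);
    if (inst == nullptr || (inst[0] >> 16) < 5) return std::nullopt;
    return inst[4];
}

// Constructed sample: struct %7 has Offset on members 0 and 1; struct %9 has only a
// non-Offset decoration, so looking up its Offset finds nothing.
std::vector<uint32_t> SampleModule() {
    return {(5u << 16) | kOpMemberDecorate, 7, 0, kDecorationOffset, 0,
            (5u << 16) | kOpMemberDecorate, 7, 1, kDecorationOffset, 128,
            (4u << 16) | kOpMemberDecorate, 9, 0, 24 /* NonWritable */};
}

int main() {
    const auto module = SampleModule();
    const auto missing = MemberOffset(module, 9, 0);
    std::printf("%%9 member 0 offset: %s\n", missing ? "present" : "absent (no crash)");
    return missing ? 1 : 0;
}
```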

Labels: GPU-AV (GPU Assisted Validation)