From 331bd3fc6989eebc99fd38f73e2bb434db96007a Mon Sep 17 00:00:00 2001
From: baldurk
Date: Wed, 20 Jul 2016 18:13:16 +0200
Subject: [PATCH] [Coverity] Add bounds checking to #line processing in disassembly
---
 .../driver/shaders/dxbc/dxbc_disassemble.cpp | 20 ++++++++++++++-----
 1 file changed, 15 insertions(+), 5 deletions(-)
diff --git a/renderdoc/driver/shaders/dxbc/dxbc_disassemble.cpp b/renderdoc/driver/shaders/dxbc/dxbc_disassemble.cpp
index fa8815b84..8129f07d3 100644
--- a/renderdoc/driver/shaders/dxbc/dxbc_disassemble.cpp
+++ b/renderdoc/driver/shaders/dxbc/dxbc_disassemble.cpp
@@ -418,16 +418,20 @@ void DXBCFile::MakeDisassemblyString()
 // handle #line directives by inserting empty lines or erasing as necessary
- char emptyString[] = "";
-
 for(size_t srcLine = 0; srcLine < srclines.size(); srcLine++)
 {
- char *c = emptyString;
- if(!srclines[srcLine].empty())
- c = &srclines[srcLine][0];
+ if(srclines[srcLine].empty())
+ continue;
+
+ char *c = &srclines[srcLine][0];
+ char *end = c + srclines[srcLine].size();
+
 while(*c == '\t' || *c == ' ' || *c == '\r')
 c++;
+ if(c + 5 > end)
+ continue;
+
 if(strncmp(c, "#line", 5))
 {
 // resize up to account for the current line, if necessary
@@ -449,9 +453,15 @@ void DXBCFile::MakeDisassemblyString()
 // we have a #line directive
 c += 5;
+ if(c >= end)
+ continue;
+
 while(*c == '\t' || *c == ' ')
 c++;
+ if(c >= end)
+ continue;
+
 // invalid #line, no line number. Skip/ignore
 if(*c < '0' || *c > '9')
 continue;
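Review bot: The two early exits added at the top of the loop, `if(srclines[srcLine].empty()) continue;` and `if(c + 5 > end) continue;`, bypass the non-directive branch under `if(strncmp(c, "#line", 5))`. Empty lines and lines with fewer than five characters left after the leading whitespace (a lone `{`, for instance) therefore no longer reach the `// resize up to account for the current line` code, which they did before through `emptyString` and `strncmp` stopping at the terminator. That branch's body is outside the hunk, but if it is what carries ordinary source lines into the output, lines are dropped and later line numbers shift. Folding the length test into the existing condition keeps the bounds check without changing which lines are kept: `if(end - c < 5 || strncmp(c, "#line", 5))`; this form also avoids computing `c + 5` past the end of the buffer, which is undefined for pointer arithmetic. Empty lines would additionally need the old `emptyString` fallback, or an equivalent, to keep taking that branch.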
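Review bot: The whitespace loop after `c += 5` still advances without consulting `end`; the added `if(c >= end)` checks sit before and after it, so the loop stops only because the `std::string` buffer is NUL-terminated. Bounding the loop itself makes the limit explicit and independent of the terminator: `while(c < end && (*c == '\t' || *c == ' '))`. The same applies to the leading-whitespace loop in the first hunk. The line-number parsing that follows the digit check is outside this hunk, and it should be confirmed that it is limited by `end` as well.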