From 46466be045fd8a5d00a1853ea76433ba2b3fad9f Mon Sep 17 00:00:00 2001 From: Jeremy Hayes Date: Tue, 28 Dec 2021 15:17:39 -0700 Subject: [PATCH] Fix seg fault Check types before accessing typeName. Fix #2848. --- Test/baseResults/noMatchingFunction.frag.out | 52 ++++++++++++++++++++ Test/noMatchingFunction.frag | 19 +++++++ glslang/Include/Types.h | 7 ++- glslang/MachineIndependent/ParseHelper.cpp | 2 +- gtests/AST.FromFile.cpp | 1 + 5 files changed, 78 insertions(+), 3 deletions(-) create mode 100644 Test/baseResults/noMatchingFunction.frag.out create mode 100644 Test/noMatchingFunction.frag diff --git a/Test/baseResults/noMatchingFunction.frag.out b/Test/baseResults/noMatchingFunction.frag.out new file mode 100644 index 00000000..85aa3f6c --- /dev/null +++ b/Test/baseResults/noMatchingFunction.frag.out 
@@ -0,0 +1,52 @@ +noMatchingFunction.frag +ERROR: 0:17: 'func' : no matching overloaded function found +ERROR: 1 compilation errors. No code generated. + + +Shader version: 330 +ERROR: node is still EOpNull! +0:8 Function Definition: func(struct-S-f11; ( global float) +0:8 Function Parameters: +0:8 's' ( in structure{ global float a}) +0:10 Sequence +0:10 Branch: Return with expression +0:10 a: direct index for structure ( global float) +0:10 's' ( in structure{ global float a}) +0:10 Constant: +0:10 0 (const int) +0:15 Function Definition: main( ( global void) +0:15 Function Parameters: +0:17 Sequence +0:17 Sequence +0:17 move second child to first child ( temp float) +0:17 'c' ( temp float) +0:17 Constant: +0:17 0.000000 +0:18 move second child to first child ( temp 4-component vector of float) +0:18 'o_color' (layout( location=0) out 4-component vector of float) +0:18 Construct vec4 ( temp 4-component vector of float) +0:18 'c' ( temp float) +0:? Linker Objects +0:? 'o_color' (layout( location=0) out 4-component vector of float) + + +Linked fragment stage: + + +Shader version: 330 +ERROR: node is still EOpNull! +0:15 Function Definition: main( ( global void) +0:15 Function Parameters: +0:17 Sequence +0:17 Sequence +0:17 move second child to first child ( temp float) +0:17 'c' ( temp float) +0:17 Constant: +0:17 0.000000 +0:18 move second child to first child ( temp 4-component vector of float) +0:18 'o_color' (layout( location=0) out 4-component vector of float) +0:18 Construct vec4 ( temp 4-component vector of float) +0:18 'c' ( temp float) +0:? Linker Objects +0:? 'o_color' (layout( location=0) out 4-component vector of float) + diff --git a/Test/noMatchingFunction.frag b/Test/noMatchingFunction.frag new file mode 100644 index 00000000..d0956452 --- /dev/null +++ b/Test/noMatchingFunction.frag 
@@ -0,0 +1,19 @@ +#version 330 + +struct S +{ + float a; +}; + +float func(S s) +{ + return s.a; +} + +layout(location = 0) out vec4 o_color; + +void main() +{ + float c = func(1.0f); // ERROR: no matching function + o_color = vec4(c); +} diff --git a/glslang/Include/Types.h b/glslang/Include/Types.h index 9c1f960e..6a7e61df 100644 --- a/glslang/Include/Types.h +++ b/glslang/Include/Types.h @@ -2446,11 +2446,15 @@ public: // bool sameStructType(const TType& right) const { + // TODO: Why return true when neither types are structures? // Most commonly, they are both nullptr, or the same pointer to the same actual structure if ((!isStruct() && !right.isStruct()) || (isStruct() && right.isStruct() && structure == right.structure)) return true; + if (!isStruct() || !right.isStruct()) + return false; + // Structure names have to match if (*typeName != *right.typeName) return false; @@ -2460,8 +2464,7 @@ public: bool isGLPerVertex = *typeName == "gl_PerVertex"; // Both being nullptr was caught above, now they both have to be structures of the same number of elements - if (!isStruct() || !right.isStruct() || - (structure->size() != right.structure->size() && !isGLPerVertex)) + if (structure->size() != right.structure->size() && !isGLPerVertex) return false; // Compare the names and types of all the members, which have to match diff --git a/glslang/MachineIndependent/ParseHelper.cpp b/glslang/MachineIndependent/ParseHelper.cpp index 0f8d05e9..f2bc3152 100644 --- a/glslang/MachineIndependent/ParseHelper.cpp +++ b/glslang/MachineIndependent/ParseHelper.cpp @@ -1321,7 +1321,7 @@ TIntermTyped* TParseContext::handleFunctionCall(const TSourceLoc& loc, TFunction // Find it in the symbol table. // const TFunction* fnCandidate; - bool builtIn; + bool builtIn {false}; fnCandidate = findFunction(loc, *function, builtIn); if (fnCandidate) { // This is a declared function that might map to diff --git a/gtests/AST.FromFile.cpp b/gtests/AST.FromFile.cpp index b97eddf8..bc573f3e 100644 
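Review bot: The dereference `*typeName != *right.typeName` directly after the new guard still rests on an unstated invariant: that isStruct() being true on both sides means both typeName pointers are non-null. The guard closes the case the new test exercises (a float argument against a struct parameter), but this comparison appears to be reached while resolving calls in shader source the compiler does not control. I would state the invariant at the point of use, e.g. `assert(typeName != nullptr && right.typeName != nullptr);`, or return false when either pointer is null if release builds must not depend on it. The added `// TODO: Why return true when neither types are structures?` would also be better replaced by a comment recording the answer or an issue reference. The body of sameStructType continues past the end of this hunk.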
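Review bot: The retained comment `// Both being nullptr was caught above, now they both have to be structures of the same number of elements` no longer matches the condition under it. The isStruct() test it refers to has moved into the early return added in the previous hunk, and only the size comparison remains here. I would reword it along the lines of `// Both sides are structures here (checked above); member counts must match, except for gl_PerVertex`. The enclosing function starts and ends outside this hunk.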
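Review bot: `bool builtIn {false};` carries no hint of why the initializer matters, and the commit message only mentions the typeName check. Presumably findFunction() can return without writing its out-parameter on the no-match path, which would leave builtIn indeterminate if it is read afterwards. A short comment such as `// findFunction() may return nullptr without setting builtIn` would stop the initializer being removed later as redundant. handleFunctionCall starts and ends outside this hunk, so whether builtIn is read when fnCandidate is null cannot be confirmed from here.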
--- a/gtests/AST.FromFile.cpp
+++ b/gtests/AST.FromFile.cpp
@@ -233,6 +233,7 @@ INSTANTIATE_TEST_SUITE_P(
 "precise_struct_block.vert",
 "maxClipDistances.vert",
 "findFunction.frag",
+ "noMatchingFunction.frag",
 "constantUnaryConversion.comp",
 "xfbUnsizedArray.error.vert",
 "glsl.140.layoutOffset.error.vert",