spirv-opt: Fix id overflow in ConvertToSampledImage (#6339)

In ConvertImageVariableToSampledImage, the result of FindPointerToType
is
not checked before being passed to MoveInstructionNextToType. This can
cause a crash if FindPointerToType returns 0.

This CL adds a check to ensure type_id is not 0 before calling
MoveInstructionNextToType. If type_id is 0, the function will return
false.

Author: s-perron

source/opt/convert_to_sampled_image_pass.cpp

@@ -246,9 +246,10 @@ Instruction* ConvertToSampledImagePass::CreateImageExtraction(
   InstructionBuilder builder(
       context(), sampled_image->NextNode(),
       IRContext::kAnalysisDefUse | IRContext::kAnalysisInstrToBlockMapping);
-  return builder.AddUnaryOp(
+  Instruction* result = builder.AddUnaryOp(
       GetImageTypeOfSampledImage(context()->get_type_mgr(), sampled_image),
       spv::Op::OpImage, sampled_image->result_id());
+  return result;
 }
 
 uint32_t ConvertToSampledImagePass::GetSampledImageTypeForImage(
@@ -270,6 +271,9 @@ Instruction* ConvertToSampledImagePass::UpdateImageUses(
   if (uses_of_load.empty()) return nullptr;
 
   auto* extracted_image = CreateImageExtraction(sampled_image_load);
+  if (extracted_image == nullptr) {
+    return nullptr;
+  }
   for (auto* user : uses_of_load) {
     user->SetInOperand(0, {extracted_image->result_id()});
     context()->get_def_use_mgr()->AnalyzeInstUse(user);
@@ -306,8 +310,12 @@ void ConvertToSampledImagePass::UpdateSampledImageUses(
       def_use_mgr->AnalyzeInstUse(image_load);
       context()->KillInst(sampled_image_inst);
     } else {
-      if (!image_extraction)
+      if (!image_extraction) {
         image_extraction = CreateImageExtraction(image_load);
+        if (image_extraction == nullptr) {
+          return;
+        }
+      }
       sampled_image_inst->SetInOperand(0, {image_extraction->result_id()});
       def_use_mgr->AnalyzeInstUse(sampled_image_inst);
     }
@@ -333,6 +341,9 @@ bool ConvertToSampledImagePass::ConvertImageVariableToSampledImage(
   // reference.
   uint32_t type_id = context()->get_type_mgr()->FindPointerToType(
       sampled_image_type_id, storage_class);
+  if (type_id == 0) {
+    return false;
+  }
   MoveInstructionNextToType(image_variable, type_id);
   return true;
 }