🔍 Module Scanned
(automated audit scan)
📝 Summary
The function in performs a subtraction () without checking if is zero. If called when the component/entity arrays are empty but the sparse map somehow still contains an entry (a desync condition), this causes integer underflow resulting in an out-of-bounds array access and panic.
📍 Location
🔴 Severity: Medium
- Medium: Latent bug - while this desync cannot occur through correct API usage, defensive code should handle this case to prevent crashes if internal state becomes corrupted or through future refactorings.
💥 Impact
If the bug is triggered (via desync of map and arrays), the program will panic with an out-of-bounds array access. The desync condition cannot occur through normal API usage since , , and all keep the map and arrays synchronized. However, if a future code change introduces a bug or if internal state becomes corrupted through other means, this would cause a crash instead of a graceful error.
🔎 Evidence
If is 0, then on wraps to , causing an out-of-bounds access on the next line when is accessed.
🛠️ Proposed Fix
Add a bounds check at the start of the removal block:
Alternatively, use or add a to catch this in debug builds.
✅ Acceptance Criteria
📚 References
🔍 Module Scanned
(automated audit scan)
📝 Summary
The function in performs a subtraction () without checking if is zero. If called when the component/entity arrays are empty but the sparse map somehow still contains an entry (a desync condition), this causes integer underflow resulting in an out-of-bounds array access and panic.
📍 Location
🔴 Severity: Medium
💥 Impact
If the bug is triggered (via desync of map and arrays), the program will panic with an out-of-bounds array access. The desync condition cannot occur through normal API usage since , , and all keep the map and arrays synchronized. However, if a future code change introduces a bug or if internal state becomes corrupted through other means, this would cause a crash instead of a graceful error.
🔎 Evidence
If is 0, then on wraps to , causing an out-of-bounds access on the next line when is accessed.
🛠️ Proposed Fix
Add a bounds check at the start of the removal block:
Alternatively, use or add a to catch this in debug builds.
✅ Acceptance Criteria
Compiler: 0.16.0
assets/shaders/vulkan/sky.vert
assets/shaders/vulkan/g_pass.frag
assets/shaders/vulkan/ui_tex.vert
assets/shaders/vulkan/ui.frag
assets/shaders/vulkan/water.frag
assets/shaders/vulkan/shadow.frag
assets/shaders/vulkan/taa.frag
assets/shaders/vulkan/ui.vert
assets/shaders/vulkan/ssao_blur.frag
assets/shaders/vulkan/lpv_inject.comp
assets/shaders/vulkan/terrain.frag
assets/shaders/vulkan/debug_shadow.frag
assets/shaders/vulkan/taa.vert
assets/shaders/vulkan/ui_tex.frag
assets/shaders/vulkan/ssao.frag
assets/shaders/vulkan/shadow.vert
assets/shaders/vulkan/lpv_propagate.comp
assets/shaders/vulkan/terrain.vert
assets/shaders/vulkan/sky.frag
assets/shaders/vulkan/debug_shadow.vert
assets/shaders/vulkan/water.vert
assets/shaders/vulkan/culling.comp
assets/shaders/vulkan/depth_pyramid.comp
assets/shaders/vulkan/bloom_downsample.vert
assets/shaders/vulkan/bloom_upsample.vert
assets/shaders/vulkan/debug_shadow.vert
assets/shaders/vulkan/fxaa.vert
assets/shaders/vulkan/post_process.vert
assets/shaders/vulkan/shadow.vert
assets/shaders/vulkan/sky.vert
assets/shaders/vulkan/ssao.vert
assets/shaders/vulkan/taa.vert
assets/shaders/vulkan/terrain.vert
assets/shaders/vulkan/ui.vert
assets/shaders/vulkan/ui_tex.vert
assets/shaders/vulkan/water.vert
assets/shaders/vulkan/bloom_downsample.frag
assets/shaders/vulkan/bloom_upsample.frag
assets/shaders/vulkan/debug_shadow.frag
assets/shaders/vulkan/fxaa.frag
assets/shaders/vulkan/g_pass.frag
assets/shaders/vulkan/post_process.frag
assets/shaders/vulkan/shadow.frag
assets/shaders/vulkan/sky.frag
assets/shaders/vulkan/ssao.frag
assets/shaders/vulkan/ssao_blur.frag
assets/shaders/vulkan/taa.frag
assets/shaders/vulkan/terrain.frag
assets/shaders/vulkan/terrain_debug.frag
assets/shaders/vulkan/ui.frag
assets/shaders/vulkan/ui_tex.frag
assets/shaders/vulkan/water.frag
assets/shaders/vulkan/culling.comp
assets/shaders/vulkan/depth_pyramid.comp
assets/shaders/vulkan/lpv_inject.comp
assets/shaders/vulkan/lpv_propagate.comp
assets/shaders/vulkan/mesh.comp
assets/shaders/vulkan/mesh.comp
assets/shaders/vulkan/ssao.vert
📚 References