
Update naga span.rs: fix potential buffer overflow (panic) in span.rs where start happens to get an unexpected high value #7756

Closed

Conversation

@HaHa421 HaHa421 commented Jun 5, 2025

fix Span potential buffer overflow

Description
I got situations where start gets an unexpected high value on Android emulators (Android Studio, BlueStacks and LDPlayer), but not on real devices. Didn't investigate why start gets such a value, just fixed that to let it work...

Testing
The panic doesn't occur any more.

@HaHa421 HaHa421 changed the title Update span.rs: fix potential buffer overflow (panic) in span.rs where start happens to get an unexpected high value Update naga span.rs: fix potential buffer overflow (panic) in span.rs where start happens to get an unexpected high value Jun 5, 2025

HaHa421 commented Jun 5, 2025

Oops: logcat filtered this out:
'06-05 20:18:21.773 3288 3325 E event ..\bevy-0.16.1\crates\bevy_render\src\render_resource\pipefailed to create shader module: Validation Error
06-05 20:18:21.773 3288 3325 E event ..\bevy-0.16.1\crates\bevy_render\src\render_resource\pipe
06-05 20:18:21.773 3288 3325 E event ..\bevy-0.16.1\crates\bevy_render\src\render_resource\pipeCaused by:
06-05 20:18:21.773 3288 3325 E event ..\bevy-0.16.1\crates\bevy_render\src\render_resource\pipe In Device::create_shader_module
06-05 20:18:21.773 3288 3325 E event ..\bevy-0.16.1\crates\bevy_render\src\render_resource\pipe
06-05 20:18:21.773 3288 3325 E event ..\bevy-0.16.1\crates\bevy_render\src\render_resource\pipeShader validation error: Function [63] 'pbr_input_from_standard_materialX_naga_oil_mod_XMJSXM6K7OBRHEOR2OBRHEX3GOJQWO3LFNZ2AX' is invalid
06-05 20:18:21.773 3288 3325 E event ..\bevy-0.16.1\crates\bevy_render\src\render_resource\pipe ┌─ :1:1
06-05 20:18:21.773 3288 3325 E event ..\bevy-0.16.1\crates\bevy_render\src\render_resource\pipe │
06-05 20:18:21.773 3288 3325 E event ..\bevy-0.16.1\crates\bevy_render\src\render_resource\pipe1 │
06-05 20:18:21.773 3288 3325 E event ..\bevy-0.16.1\crates\bevy_render\src\render_resource\pipe │
06-05 20:18:21.773 3288 3325 E event ..\bevy-0.16.1\crates\bevy_render\src\render_resource\pipe │
06-05 20:18:21.773 3288 3325 E event ..\bevy-0.16.1\crates\bevy_render\src\render_resource\pipe │ naga::Expression [88]
06-05 20:18:21.773 3288 3325 E event ..\bevy-0.16.1\crates\bevy_render\src\render_resource\pipe │ naga::Function [63]
06-05 20:18:21.773 3288 3325 E event ..\bevy-0.16.1\crates\bevy_render\src\render_resource\pipe │
06-05 20:18:21.773 3288 3325 E event ..\bevy-0.16.1\crates\bevy_render\src\render_resource\pipe = Expression [88] is invalid
06-05 20:18:21.773 3288 3325 E event ..\bevy-0.16.1\crates\bevy_render\src\render_resource\pipe = Shader requires capability Capabilities(SAMPLED_TEXTURE_AND_STORAGE_BUFFER_ARRAY_NON_UNIFORM_INDEXING)
06-05 20:18:21.773 3288 3325 E event ..\bevy-0.16.1\crates\bevy_render\src\render_resource\pipe
06-05 20:18:21.773 3288 3325 E event ..\bevy-0.16.1\crates\bevy_render\src\render_resource\pipe
06-05 20:18:21.773 3288 3325 E event ..\bevy-0.16.1\crates\bevy_render\src\render_resource\pipe Function [63] 'pbr_input_from_standard_materialX_naga_oil_mod_XMJSXM6K7OBRHEOR2OBRHEX3GOJQWO3LFNZ2AX' is invalid
06-05 20:18:21.773 3288 3325 E event ..\bevy-0.16.1\crates\bevy_render\src\render_resource\pipe Expression [88] is invalid
06-05 20:18:21.773 3288 3325 E event ..\bevy-0.16.1\crates\bevy_render\src\render_resource\pipe Shader requires capability Capabilities(SAMPLED_TEXTURE_AND_STORAGE_BUFFER_ARRAY_NON_UNIFORM_INDEXING)'

@andyleiserson
Contributor

Thanks for opening this PR. I had fixed a similar issue in #7390, but I didn't cover all the functions that index into caller-provided source, and my fix was only for the case where the provided source was empty (which we know happens due to certain module types), and not the general case of spans that are out of range.

One way that problems could arise here (of which the above is really just a special case) is if the provided source doesn't match the module. Another way is if Naga generates bogus spans. Obviously we'd want to fix the latter, but the former isn't under our control. Either way I'm not sure that silencing the issue by returning an empty string is the best option.

I'm not sure I understand your comment with the additional logcat output, that looks like an unrelated shader error. Does that error get emitted before whatever error is resulting in the panic?


HaHa421 commented Jun 6, 2025

You're definitively right: the error appearing in the log is unrelated to the cause of the crash. I changed to

let prefix = if self.start < source.len() as u32 {
    &source[..self.start as usize]
} else {
    "UNKNOWN_PREFIX"
};

UNKNOWN_PREFIX doesn't appear in the log.

@jimblandy
Member

I don't think this PR is the right approach. Although it is possible, as Andy says, that Naga might be generating bad spans, usually these crashes arise when people aren't providing the source code from which the Module was produced. We could help people fix their problems faster if these functions panicked with a message suggesting that they make sure they're providing the right source.
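The descriptive-error alternative the thread circles around, instead of the PR's placeholder string or a bare index panic, as an added Rust example; this is illustrative code, not naga's span.rs or this PR's diff, and the names `Span`, `SpanError` and `resolve` are assumptions. It also covers the empty-source case from #7390 and an offset that falls inside a multi-byte UTF-8 character, which `&source[..start]` panics on even when the offset is within the length.

```rust
use std::fmt;

/// Illustrative span type (assumed name, not naga's): byte offsets into the
/// source text the Module was compiled from.
#[derive(Clone, Copy, Debug, PartialEq)]
pub struct Span {
    pub start: u32,
    pub end: u32,
}

/// Why a span could not be resolved against the caller-provided source.
#[derive(Debug, PartialEq)]
pub enum SpanError {
    /// `end < start`, or the span reaches past the end of the source.
    OutOfRange { start: u32, end: u32, source_len: usize },
    /// An offset lands inside a multi-byte UTF-8 character.
    NotCharBoundary { offset: u32 },
}

impl fmt::Display for SpanError {
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        match self {
            SpanError::OutOfRange { start, end, source_len } => write!(
                f,
                "span {start}..{end} lies outside the {source_len}-byte source; \
                 check that the source passed in is the one the module was built from"
            ),
            SpanError::NotCharBoundary { offset } => {
                write!(f, "span offset {offset} is not on a UTF-8 character boundary")
            }
        }
    }
}

impl Span {
    /// Resolve the span to `(prefix, spanned_text)` without panicking. The range
    /// check yields a descriptive error for mismatched source; `str::get` returns
    /// `None` for offsets inside a multi-byte char, where `&source[..start]` panics.
    pub fn resolve<'a>(&self, source: &'a str) -> Result<(&'a str, &'a str), SpanError> {
        let (start, end) = (self.start as usize, self.end as usize);
        if end < start || end > source.len() {
            let (start, end, source_len) = (self.start, self.end, source.len());
            return Err(SpanError::OutOfRange { start, end, source_len });
        }
        let prefix = source.get(..start).ok_or(SpanError::NotCharBoundary { offset: self.start })?;
        let text = source.get(start..end).ok_or(SpanError::NotCharBoundary { offset: self.end })?;
        Ok((prefix, text))
    }
}
```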

@jimblandy jimblandy closed this Jun 11, 2025