ConfettiFX / The-Forge

The Forge Cross-Platform Rendering Framework PC Windows, Steamdeck (native), Ray Tracing, macOS / iOS, Android, XBOX, PS4, PS5, Switch, Quest 2
Apache License 2.0

Vulkan - bug in queue initialization causing out of bounds access #285

Closed TLaviron closed 5 months ago

TLaviron commented 9 months ago

[image: screenshot of the offending queue initialization code]

See image for the offending code. What happens is:

1 - An array is allocated to store the available/used queue count for every possible queue type.
2 - These are sized using maxQueueFlag defined above which equals 31, and is the combination of all (at the time of writing the code, I assume) possible queue flags.
3 - The arrays are indexed using the queue flags for each available queue type, as reported by the driver.
4 - New queue flags have been added to the Vulkan spec, and drivers expose queues supporting these, as evidenced by the queue flags in queueFamilyProperties[3] which equals 44 (combination of VK_QUEUE_TRANSFER_BIT | VK_QUEUE_SPARSE_BINDING_BIT | VK_QUEUE_VIDEO_DECODE_BIT_KHR). This results in out of bounds access.

Also note that even without the new queue flags, the array size is too small by one, because a hypothetical queue supporting all of graphics, compute, transfer, sparse binding and protected operations would still index out of bounds.

This bug is particularly nasty, because it can (and has, in our case) make an app that worked fine break by updating the graphics driver.
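As an added illustration of the report above (not code from The Forge or from the reporter), assuming the queue flag bit values from the Vulkan spec: a check that reproduces the out-of-bounds condition for a flag value of 44, beside a table sizing and lookup that mask driver-reported flags to the bits the renderer knows, so a newer bit such as VK_QUEUE_VIDEO_DECODE_BIT_KHR can never push the index past the table.

```c
#include <stdint.h>
#include <stdbool.h>
#include <string.h>
/* Queue flag bit values copied from the Vulkan spec so this builds without vulkan.h. */
#define VK_QUEUE_GRAPHICS_BIT         0x01
#define VK_QUEUE_COMPUTE_BIT          0x02
#define VK_QUEUE_TRANSFER_BIT         0x04
#define VK_QUEUE_SPARSE_BINDING_BIT   0x08
#define VK_QUEUE_PROTECTED_BIT        0x10
#define VK_QUEUE_VIDEO_DECODE_BIT_KHR 0x20 /* newer bit the original table never anticipated */

/* Capabilities the renderer actually handles; every other bit is masked off before indexing. */
#define KNOWN_QUEUE_FLAGS (VK_QUEUE_GRAPHICS_BIT | VK_QUEUE_COMPUTE_BIT | VK_QUEUE_TRANSFER_BIT | \
                           VK_QUEUE_SPARSE_BINDING_BIT | VK_QUEUE_PROTECTED_BIT)

/* Sizing from the issue: 31 entries, so value 31 is already one past the end and 44 lands well beyond it. */
enum { MAX_QUEUE_FLAG_BUGGY = 31 };
/* Corrected sizing: one slot for every value the masked flags can take (0..31, i.e. 32 entries). */
enum { QUEUE_TABLE_SIZE = KNOWN_QUEUE_FLAGS + 1 };

/* True if indexing the original 31-entry table with this driver-reported value would be out of bounds. */
bool queue_flags_out_of_bounds(uint32_t driverFlags) {
    return driverFlags >= MAX_QUEUE_FLAG_BUGGY;
}

/* Map driver flags to a slot < QUEUE_TABLE_SIZE; -1 means nothing usable, so the caller skips the family. */
int queue_table_slot(uint32_t driverFlags) {
    uint32_t known = driverFlags & KNOWN_QUEUE_FLAGS;
    return known == 0 ? -1 : (int)known;
}

/* Tally families per capability set as queue init does, via the safe mapping; returns how many were skipped. */
int count_queue_families(const uint32_t *familyFlags, size_t n, uint32_t available[QUEUE_TABLE_SIZE]) {
    int skipped = 0;
    memset(available, 0, sizeof(uint32_t) * QUEUE_TABLE_SIZE);
    for (size_t i = 0; i < n; ++i) {
        int slot = queue_table_slot(familyFlags[i]);
        if (slot < 0) { skipped++; continue; }
        available[slot]++;
    }
    return skipped;
}

/* Run a constructed sample and return the count recorded in one slot; 44 is masked to slot 12 beside family 1. */
uint32_t sample_available(int slot) {
    static const uint32_t kSampleFamilies[] = { 15, 12, 14, 44 }; /* constructed, modelled on the report */
    uint32_t available[QUEUE_TABLE_SIZE] = { 0 };
    count_queue_families(kSampleFamilies, 4, available);
    return (slot >= 0 && slot < QUEUE_TABLE_SIZE) ? available[slot] : 0;
}
```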

wolfgangfengel commented 8 months ago

I believe we fixed this for the next release.