Crash with copy to empty acceleration structure #57

@djdeath

I'm getting a crash on the Intel/Mesa driver:

$ gdb --args build/tauray test/test.glb
Thread 1 "tauray" received signal SIGSEGV, Segmentation fault.
0x00007ffff37d7248 in vk_buffer_address (buffer=0x0, offset=0) at ../src/vulkan/runtime/vk_buffer.h:72
72	   return buffer->device_address + offset;
(gdb) bt
#0  0x00007ffff37d7248 in vk_buffer_address (buffer=0x0, offset=0) at ../src/vulkan/runtime/vk_buffer.h:72
#1  0x00007ffff37d72ab in vk_acceleration_structure_get_va (accel_struct=0x5555579d26e0) at ../src/vulkan/runtime/vk_acceleration_structure.h:62
#2  0x00007ffff37d96b3 in gfx125_CmdCopyAccelerationStructureKHR (commandBuffer=0x555558213a40, pInfo=0x7fffffffc480) at ../src/intel/vulkan/genX_acceleration_structure.c:740
#3  0x0000555555977c1b in vk::CommandBuffer::copyAccelerationStructureKHR<vk::DispatchLoaderDynamic> (d=..., info=..., this=<optimized out>)
    at tauray/external/Vulkan-Headers/include/vulkan/vulkan_funcs.hpp:14193
#4  tr::bottom_level_acceleration_structure::rebuild_from (this=0x7fffffffc820, id=1, other=..., frame_index=0, cb=..., entries=std::vector of length 8, capacity 8 = {...}, 
    update=false) at tauray/src/acceleration_structure.cc:254
#5  0x0000555555975e99 in tr::bottom_level_acceleration_structure::rebuild (this=0x7fffffffc820, id=1, frame_index=0, cb=..., entries=std::vector of length 8, capacity 8 = {...}, 
    update=false) at tauray/src/acceleration_structure.cc:63
#6  0x0000555555975c78 in tr::bottom_level_acceleration_structure::bottom_level_acceleration_structure (this=0x7fffffffc820, dev=..., 
    entries=std::vector of length 8, capacity 8 = {...}, backface_culled=false, dynamic=false, compact=true) at tauray/src/acceleration_structure.cc:33
#7  0x0000555555840a96 in tr::scene_stage::ensure_blas (this=0x555556b8a0e0) at tauray/src/scene_stage.cc:859
#8  0x0000555555840616 in tr::scene_stage::refresh_instance_cache (this=0x555556b8a0e0) at tauray/src/scene_stage.cc:813
#9  0x00005555558442c5 in tr::scene_stage::update (this=0x555556b8a0e0, frame_index=0) at tauray/src/scene_stage.cc:1046
#10 0x0000555555893c04 in tr::multi_device_stage::run (this=0x555556b8a0e0, deps=...) at tauray/src/stage.cc:40
#11 0x000055555580fb24 in tr::rt_renderer<tr::path_tracer_stage>::render (this=0x555556b89990) at tauray/src/rt_renderer.cc:95
#12 0x0000555555659211 in tr::interactive_viewer (ctx=..., sd=..., opt=...) at tauray/src/tauray.cc:985
#13 0x000055555565a5ef in tr::run (ctx=..., sd=..., opt=...) at tauray/src/tauray.cc:1185
#14 0x000055555559397c in main (argv=0x7fffffffdbf8) at tauray/src/main.cc:32

But honestly it looks like it would crash any driver, since the copy destination is created with 0 size, no buffer or address, and the source is another acceleration structure with a non-0 size:

vkCreateAccelerationStructureKHR(device, pCreateInfo, pAllocator, pAccelerationStructure) returns VkResult VK_SUCCESS (0):
    device:                         VkDevice = 0x562fca5dd340
    pCreateInfo:                    const VkAccelerationStructureCreateInfoKHR* = 0x7ffc1fa28660:
        sType:                          VkStructureType = VK_STRUCTURE_TYPE_ACCELERATION_STRUCTURE_CREATE_INFO_KHR (1000150017)
        pNext:                          const void* = NULL
        createFlags:                    VkAccelerationStructureCreateFlagsKHR = 0
        buffer:                         VkBuffer = 0
        offset:                         VkDeviceSize = 0
        size:                           VkDeviceSize = 0
        type:                           VkAccelerationStructureTypeKHR = VK_ACCELERATION_STRUCTURE_TYPE_BOTTOM_LEVEL_KHR (1)
        deviceAddress:                  VkDeviceAddress = 0
    pAllocator:                     const VkAllocationCallbacks* = NULL
    pAccelerationStructure:         VkAccelerationStructureKHR* = 0x562fcc087e00
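
An added example, not part of the original report and not Tauray or Mesa code: one way an application-side check could catch the case described above before the copy is recorded, by remembering each acceleration structure's create parameters and validating the destination. The type and function names are hypothetical stand-ins for the Vulkan types, and the handles and sizes are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed stand-ins for the Vulkan handle/size types; not the real headers. */
typedef uint64_t as_handle;  /* 0 is the null handle, as printed in the dump */
typedef uint64_t devsize_t;

/* Create parameters shown in the dump, keyed by the acceleration structure. */
struct as_info { as_handle as, buffer; devsize_t offset, size; };

enum copy_status { COPY_OK, COPY_UNKNOWN_HANDLE, COPY_SRC_EMPTY,
                   COPY_DST_NO_BUFFER, COPY_DST_TOO_SMALL };

#define MAX_TRACKED 64
static struct as_info tracked[MAX_TRACKED];
static size_t tracked_count;

/* Record the parameters at creation time. Returns 0, or -1 if rejected/full. */
int track_create(as_handle as, as_handle buffer, devsize_t offset, devsize_t size)
{
    if (as == 0 || tracked_count == MAX_TRACKED) return -1;
    tracked[tracked_count++] = (struct as_info){ as, buffer, offset, size };
    return 0;
}

static const struct as_info *lookup(as_handle as)
{
    for (size_t i = 0; i < tracked_count; i++)
        if (tracked[i].as == as) return &tracked[i];
    return NULL;
}

/* required: bytes the copy writes (source size for a clone, or the queried
 * compacted size for a compacting copy). */
enum copy_status check_copy(as_handle src, as_handle dst, devsize_t required)
{
    const struct as_info *s = lookup(src), *d = lookup(dst);
    if (!s || !d) return COPY_UNKNOWN_HANDLE;
    if (s->buffer == 0 || s->size == 0) return COPY_SRC_EMPTY;
    if (d->buffer == 0) return COPY_DST_NO_BUFFER;   /* the case in the dump */
    if (d->size < required) return COPY_DST_TOO_SMALL;
    return COPY_OK;
}

int main(void)
{
    track_create(0x10, 0xb0, 0, 4096);  /* constructed source */
    track_create(0x11, 0, 0, 0);        /* destination as in the dump */
    printf("empty dst: %d\n", check_copy(0x10, 0x11, 1024));
    return 0;
}
```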
