Source/WebCore:
authorbfulgham@apple.com <bfulgham@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Fri, 29 Jan 2016 21:00:24 +0000 (21:00 +0000)
committerbfulgham@apple.com <bfulgham@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Fri, 29 Jan 2016 21:00:24 +0000 (21:00 +0000)
commit5acd7a673fa54901fa17c10b0f48513abfb85e0f
tree5916afd934c1a7d458ea7edb55e377dd7fdf1347
parent11b09db1a8bd84f83b15384d67336b93e4efb3f8
Source/WebCore:
[WebGL] Check vertex array bounds before permitting a glDrawArrays to execute
https://bugs.webkit.org/show_bug.cgi?id=153643
<rdar://problem/23424456>

Reviewed by Dean Jackson.

Tested by fast/canvas/webgl/webgl-drawarrays-crash.html.

* html/canvas/WebGLRenderingContextBase.cpp:
(WebCore::WebGLRenderingContextBase::validateDrawArrays): Make sure that we have at
least one buffer bound to a program if a drawArray call with a non-zero range of
requested data is being made.
(WebCore::WebGLRenderingContextBase::validateDrawElements): Drive-by formatting fix.

LayoutTests:
Test to check for stack recursion when indexed propertyNames defined using Object.defineProperty are deleted.
https://bugs.webkit.org/show_bug.cgi?id=149179
<rdar://problem/22708019>.

Patch by Pranjal Jumde <pjumde@apple.com> on 2015-12-22
Reviewed by Dean Jackson.

* storage/domstorage/localstorage/delete-defineproperty-removal-expected.txt: Added.
* storage/domstorage/localstorage/delete-defineproperty-removal.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@195837 268f45cc-cd09-0410-ab3c-d52691b4dbfc
LayoutTests/ChangeLog
LayoutTests/fast/canvas/webgl/webgl-drawarrays-crash-expected.txt [new file with mode: 0644]
LayoutTests/fast/canvas/webgl/webgl-drawarrays-crash.html [new file with mode: 0644]
Source/WebCore/ChangeLog
Source/WebCore/html/canvas/WebGLRenderingContextBase.cpp