Out of bounds in WebGLRenderingContext::simulateVertexAttrib0
author dino@apple.com <dino@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Wed, 22 Jul 2015 21:55:48 +0000 (21:55 +0000)
committer dino@apple.com <dino@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Wed, 22 Jul 2015 21:55:48 +0000 (21:55 +0000)
commit d0cc09df3b1c76c975febe8e9dd31679d89e705b
tree 8c56242f51564612c98089c940a381868390f6d9
parent a909a3d05f979538a8e09f583e86a364f7d137c9
Out of bounds in WebGLRenderingContext::simulateVertexAttrib0
https://bugs.webkit.org/show_bug.cgi?id=147176
<rdar://problem/21567767>

Reviewed by Oliver Hunt.

Source/WebCore:

Test: fast/canvas/webgl/out-of-bounds-simulated-vertexAttrib0-drawArrays.html

Add overflow checking for the drawing calls, specifically the way
they may simulate vertexAttrib0.

* html/canvas/WebGLRenderingContextBase.cpp:
(WebCore::WebGLRenderingContextBase::validateDrawArrays): Call new validation method.
(WebCore::WebGLRenderingContextBase::validateDrawElements): Ditto.
(WebCore::WebGLRenderingContextBase::validateSimulatedVertexAttrib0): New method that
validates the parameters used to create the simulated attribute.
(WebCore::WebGLRenderingContextBase::simulateVertexAttrib0): No need to do overflow
checking here now that the validation method does it for us.
(WebCore::WebGLRenderingContextBase::validateVertexAttributes): Deleted.
* html/canvas/WebGLRenderingContextBase.h: Add new validation method.

LayoutTests:

* fast/canvas/webgl/out-of-bounds-simulated-vertexAttrib0-drawArrays-expected.txt: Added.
* fast/canvas/webgl/out-of-bounds-simulated-vertexAttrib0-drawArrays.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@187189 268f45cc-cd09-0410-ab3c-d52691b4dbfc
LayoutTests/ChangeLog
LayoutTests/fast/canvas/webgl/out-of-bounds-simulated-vertexAttrib0-drawArrays-expected.txt [new file with mode: 0644]
LayoutTests/fast/canvas/webgl/out-of-bounds-simulated-vertexAttrib0-drawArrays.html [new file with mode: 0755]
Source/WebCore/ChangeLog
Source/WebCore/html/canvas/WebGLRenderingContextBase.cpp
Source/WebCore/html/canvas/WebGLRenderingContextBase.h
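
The kind of overflow checking the commit message describes, sketched as an added example; it is not WebKit's code and not the contents of this commit. It assumes the simulated attribute 0 buffer is sized as (first + count) vertices of four floats in a signed 32-bit size type; `checkSimulatedAttrib0Size`, `uncheckedAttrib0Bytes` and the constants are hypothetical names.

```cpp
#include <cstdint>

// Added illustration, not WebKit source. Assumed model: the simulated
// attribute-0 buffer holds one 4-float vector for each of first + count vertices.
constexpr int32_t kComponents = 4;
constexpr int32_t kFloatBytes = 4; // constructed value: size of a 32-bit float

// Unchecked sizing with 32-bit wraparound (unsigned, so the wrap is defined
// behaviour). A large count yields a byte size far smaller than the data.
uint32_t uncheckedAttrib0Bytes(int32_t first, int32_t count)
{
    return (uint32_t(first) + uint32_t(count)) * uint32_t(kComponents) * uint32_t(kFloatBytes);
}

// Each step is computed in 64 bits and rejected if the result no longer
// fits the signed 32-bit size type.
static bool checkedAdd(int32_t a, int32_t b, int32_t& out)
{
    int64_t r = int64_t(a) + int64_t(b);
    if (r > INT32_MAX || r < INT32_MIN)
        return false;
    out = int32_t(r);
    return true;
}

static bool checkedMul(int32_t a, int32_t b, int32_t& out)
{
    int64_t r = int64_t(a) * int64_t(b);
    if (r > INT32_MAX || r < INT32_MIN)
        return false;
    out = int32_t(r);
    return true;
}

// Hypothetical validator, meant to run in the draw-call validation path
// before any buffer is sized or filled. On failure, bytes is left untouched.
bool checkSimulatedAttrib0Size(int32_t first, int32_t count, int32_t& bytes)
{
    if (first < 0 || count < 0)
        return false;
    int32_t vertices = 0, floats = 0, total = 0;
    if (!checkedAdd(first, count, vertices)
        || !checkedMul(vertices, kComponents, floats)
        || !checkedMul(floats, kFloatBytes, total))
        return false;
    bytes = total;
    return true;
}
```

Rejecting the call during validation means the code that builds the simulated buffer only ever sees sizes that are already known to fit.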