[WebGL] WebGLBuffer can be too large
author: dino@apple.com <dino@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Tue, 12 Mar 2019 20:57:43 +0000 (20:57 +0000)
committer: dino@apple.com <dino@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Tue, 12 Mar 2019 20:57:43 +0000 (20:57 +0000)
https://bugs.webkit.org/show_bug.cgi?id=195068
<rdar://problem/48414289>

Reviewed by Antoine Quint.

Source/WebCore:

When creating an element array buffer, make sure to
test against the maximum size of an ArrayBuffer, rather
than just assume it can be created.

Test: fast/canvas/webgl/largeBuffer.html

* html/canvas/WebGLBuffer.cpp:
(WebCore::WebGLBuffer::associateBufferDataImpl):

LayoutTests:

* fast/canvas/webgl/largeBuffer-expected.txt: Added.
* fast/canvas/webgl/largeBuffer.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@242826 268f45cc-cd09-0410-ab3c-d52691b4dbfc

LayoutTests/ChangeLog
LayoutTests/fast/canvas/webgl/largeBuffer-expected.txt [new file with mode: 0644]
LayoutTests/fast/canvas/webgl/largeBuffer.html [new file with mode: 0644]
Source/WebCore/ChangeLog
Source/WebCore/html/canvas/WebGLBuffer.cpp

index 05f84ba..9e68691 100644 (file)
@@ -1,3 +1,14 @@
+2019-03-12  Dean Jackson  <dino@apple.com>
+
+        [WebGL] WebGLBuffer can be too large
+        https://bugs.webkit.org/show_bug.cgi?id=195068
+        <rdar://problem/48414289>
+
+        Reviewed by Antoine Quint.
+
+        * fast/canvas/webgl/largeBuffer-expected.txt: Added.
+        * fast/canvas/webgl/largeBuffer.html: Added.
+
 2019-03-12  Ryan Haddad  <ryanhaddad@apple.com>
 
         Unreviewed, fix a typo in TestExpecations.
diff --git a/LayoutTests/fast/canvas/webgl/largeBuffer-expected.txt b/LayoutTests/fast/canvas/webgl/largeBuffer-expected.txt
new file mode 100644 (file)
index 0000000..28eb93b
--- /dev/null
@@ -0,0 +1,7 @@
+CONSOLE MESSAGE: line 12: WebGL: INVALID_VALUE: bufferData: invalid buffer
+CONSOLE MESSAGE: line 15: WebGL: INVALID_VALUE: bufferSubData: offset out of range
+PASS size is 0
+PASS successfullyParsed is true
+
+TEST COMPLETE
+
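Review bot: the `line 12` and `line 15` prefixes in the two CONSOLE MESSAGE lines bind this expectation to the exact line layout of largeBuffer.html, so inserting any line into the test (an extra assertion, a blank line) shifts them and fails the test. That is acceptable for a small regression test, but note that the bufferSubData path at line 15 is verified only through this console message and produces no PASS line of its own; a `gl.getError()` check in the test would give it a layout-independent assertion.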
diff --git a/LayoutTests/fast/canvas/webgl/largeBuffer.html b/LayoutTests/fast/canvas/webgl/largeBuffer.html
new file mode 100644 (file)
index 0000000..e0092b2
--- /dev/null
@@ -0,0 +1,19 @@
+<!DOCTYPE html>
+<html>
+<script src="../../../resources/js-test.js"></script>
+<body>
+<canvas></canvas>
+<script>
+const canvas = document.querySelector("canvas");
+const gl = canvas.getContext("webgl");
+
+const b = gl.createBuffer();
+gl.bindBuffer(gl.ELEMENT_ARRAY_BUFFER, b);
+gl.bufferData(gl.ELEMENT_ARRAY_BUFFER, 0xf000000000, gl.STREAM_DRAW);
+const size = gl.getBufferParameter(gl.ELEMENT_ARRAY_BUFFER, gl.BUFFER_SIZE);
+shouldBeEqualToNumber("size", 0);
+gl.bufferSubData(gl.ELEMENT_ARRAY_BUFFER, 0x4444444444, new ArrayBuffer(32));
+</script>
+</body>
+</html>
+
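Review bot: the test asserts only that BUFFER_SIZE is 0 after the oversized bufferData at line 12 and relies on console output for the error itself; suggest adding `shouldBe("gl.getError()", "gl.INVALID_VALUE");` after line 12 and again after the bufferSubData call at line 15, so a regression that silently clamps the size instead of raising INVALID_VALUE is caught, and so the bufferSubData case has an assertion that does not depend on console logging. The test also exercises only ELEMENT_ARRAY_BUFFER, which matches the single case touched in WebGLBuffer.cpp; if the same bound is meant to apply to ARRAY_BUFFER, a second case here with `gl.ARRAY_BUFFER` would cover it.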
index ece9cae..eca26e5 100644 (file)
@@ -1,3 +1,20 @@
+2019-03-12  Dean Jackson  <dino@apple.com>
+
+        [WebGL] WebGLBuffer can be too large
+        https://bugs.webkit.org/show_bug.cgi?id=195068
+        <rdar://problem/48414289>
+
+        Reviewed by Antoine Quint.
+
+        When creating an element array buffer, make sure to
+        test against the maximum size of an ArrayBuffer, rather
+        than just assume it can be created.
+
+        Test: fast/canvas/webgl/largeBuffer.html
+
+        * html/canvas/WebGLBuffer.cpp:
+        (WebCore::WebGLBuffer::associateBufferDataImpl):
+
 2019-03-12  Sihui Liu  <sihui_liu@apple.com>
 
         Layout Test imported/w3c/web-platform-tests/IndexedDB/fire-*-event-exception.html are failing
index 61a62a5..84e6717 100644 (file)
@@ -62,6 +62,8 @@ bool WebGLBuffer::associateBufferDataImpl(const void* data, GC3Dsizeiptr byteLen
 
     switch (m_target) {
     case GraphicsContext3D::ELEMENT_ARRAY_BUFFER:
+        if (byteLength > std::numeric_limits<unsigned>::max())
+            return false;
         m_byteLength = byteLength;
         clearCachedMaxIndices();
         if (byteLength) {
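Review bot: the new guard sits only in the `ELEMENT_ARRAY_BUFFER` case; the remaining cases of the switch are outside this hunk, so please confirm whether `ARRAY_BUFFER` (and any other target) also ends up in an ArrayBuffer-sized allocation that needs the same `std::numeric_limits<unsigned>::max()` check, or state in the ChangeLog why it does not. `std::numeric_limits` requires `<limits>`, which this hunk does not add; verify the include is already present in WebGLBuffer.cpp. Lastly, assuming `GC3Dsizeiptr` is a signed pointer-sized type like GLsizeiptr, the comparison behaves as intended on 64-bit builds (the unsigned maximum widens to the signed 64-bit type), but on a 32-bit build both operands convert to unsigned, so a negative byteLength would be rejected here only by that conversion; an explicit `byteLength < 0 ||` clause would make the intent clear and independent of platform width.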