- Revision
- 280613
- Author
- repst...@apple.com
- Date
- 2021-08-03 13:54:14 -0700 (Tue, 03 Aug 2021)
Log Message
Cherry-pick r280587. rdar://problem/81473679
Crash in webgl/1.0.x/conformance/textures/misc/texture-with-flip-y-and-premultiply-alpha.html
https://bugs.webkit.org/show_bug.cgi?id=223920
<rdar://problem/76261913>
Patch by Kimmo Kinnunen <kkinnu...@apple.com> on 2021-08-03
Reviewed by Kenneth Russell.
After enabling WEBGL_depth_texture, the getDataFormat would assert for case of
format == RGBA, type == UNSIGNED_SHORT. UNSIGNED_SHORT is intended for
format == DEPTH_COMPONENT.
Instead, return error if the data conversion cannot be done. This is better in all
cases than doing non-expected data conversion in release build and assertion in
debug builds.
Tested by webgl/1.0.x/conformance/textures/misc/texture-with-flip-y-and-premultiply-alpha.html
(disabled for now).
* html/canvas/WebGLRenderingContextBase.cpp:
(WebCore::WebGLRenderingContextBase::texImageArrayBufferViewHelper):
* platform/graphics/GraphicsContextGL.cpp:
(WebCore::getDataFormat):
(WebCore::packPixels):
(WebCore::GraphicsContextGL::extractTextureData):
* platform/graphics/GraphicsContextGL.h:
git-svn-id: https://svn.webkit.org/repository/webkit/trunk@280587 268f45cc-cd09-0410-ab3c-d52691b4dbfc
Modified Paths
Diff
Modified: branches/safari-612.1-branch/Source/WebCore/ChangeLog (280612 => 280613)
--- branches/safari-612.1-branch/Source/WebCore/ChangeLog 2021-08-03 20:37:19 UTC (rev 280612)
+++ branches/safari-612.1-branch/Source/WebCore/ChangeLog 2021-08-03 20:54:14 UTC (rev 280613)
@@ -1,3 +1,62 @@
+2021-08-03 Russell Epstein <repst...@apple.com>
+
+ Cherry-pick r280587. rdar://problem/81473679
+
+ Crash in webgl/1.0.x/conformance/textures/misc/texture-with-flip-y-and-premultiply-alpha.html
+ https://bugs.webkit.org/show_bug.cgi?id=223920
+ <rdar://problem/76261913>
+
+ Patch by Kimmo Kinnunen <kkinnu...@apple.com> on 2021-08-03
+ Reviewed by Kenneth Russell.
+
+ After enabling WEBGL_depth_texture, the getDataFormat would assert for case of
+ format == RGBA, type == UNSIGNED_SHORT. UNSIGNED_SHORT is intended for
+ format == DEPTH_COMPONENT.
+
+ Instead, return error if the data conversion cannot be done. This is better in all
+ cases than doing non-expected data conversion in release build and assertion in
+ debug builds.
+
+ Tested by webgl/1.0.x/conformance/textures/misc/texture-with-flip-y-and-premultiply-alpha.html
+ (disabled for now).
+
+ * html/canvas/WebGLRenderingContextBase.cpp:
+ (WebCore::WebGLRenderingContextBase::texImageArrayBufferViewHelper):
+ * platform/graphics/GraphicsContextGL.cpp:
+ (WebCore::getDataFormat):
+ (WebCore::packPixels):
+ (WebCore::GraphicsContextGL::extractTextureData):
+ * platform/graphics/GraphicsContextGL.h:
+
+ git-svn-id: https://svn.webkit.org/repository/webkit/trunk@280587 268f45cc-cd09-0410-ab3c-d52691b4dbfc
+
+ 2021-08-03 Kimmo Kinnunen <kkinnu...@apple.com>
+
+ Crash in webgl/1.0.x/conformance/textures/misc/texture-with-flip-y-and-premultiply-alpha.html
+ https://bugs.webkit.org/show_bug.cgi?id=223920
+ <rdar://problem/76261913>
+
+ Reviewed by Kenneth Russell.
+
+ After enabling WEBGL_depth_texture, the getDataFormat would assert for case of
+ format == RGBA, type == UNSIGNED_SHORT. UNSIGNED_SHORT is intended for
+ format == DEPTH_COMPONENT.
+
+ Instead, return error if the data conversion cannot be done. This is better in all
+ cases than doing non-expected data conversion in release build and assertion in
+ debug builds.
+
+ Tested by webgl/1.0.x/conformance/textures/misc/texture-with-flip-y-and-premultiply-alpha.html
+ (disabled for now).
+
+ * html/canvas/WebGLRenderingContextBase.cpp:
+ (WebCore::WebGLRenderingContextBase::texImageArrayBufferViewHelper):
+ * platform/graphics/GraphicsContextGL.cpp:
+ (WebCore::getDataFormat):
+ (WebCore::packPixels):
+ (WebCore::GraphicsContextGL::extractTextureData):
+ * platform/graphics/GraphicsContextGL.h:
+
2021-08-02 Sonia Singla <soniasingla.1...@gmail.com>
[css-cleanup] Replace webkit- prefix properties with Standard CSS Properties in Source/**
Modified: branches/safari-612.1-branch/Source/WebCore/html/canvas/WebGLRenderingContextBase.cpp (280612 => 280613)
--- branches/safari-612.1-branch/Source/WebCore/html/canvas/WebGLRenderingContextBase.cpp 2021-08-03 20:37:19 UTC (rev 280612)
+++ branches/safari-612.1-branch/Source/WebCore/html/canvas/WebGLRenderingContextBase.cpp 2021-08-03 20:54:14 UTC (rev 280613)
@@ -4989,8 +4989,10 @@
synthesizeGLError(GraphicsContextGL::INVALID_OPERATION, functionName, "Invalid unpack params combination.");
return;
}
- if (!m_context->extractTextureData(width, height, format, type, unpackParams, m_unpackFlipY, m_unpackPremultiplyAlpha, data, tempData))
+ if (!m_context->extractTextureData(width, height, format, type, unpackParams, m_unpackFlipY, m_unpackPremultiplyAlpha, data, tempData)) {
+ synthesizeGLError(GraphicsContextGL::INVALID_OPERATION, functionName, "Invalid format/type combination.");
return;
+ }
data = ""
byteLength = tempData.size();
changeUnpackParams = true;
Modified: branches/safari-612.1-branch/Source/WebCore/platform/graphics/GraphicsContextGL.cpp (280612 => 280613)
--- branches/safari-612.1-branch/Source/WebCore/platform/graphics/GraphicsContextGL.cpp 2021-08-03 20:37:19 UTC (rev 280612)
+++ branches/safari-612.1-branch/Source/WebCore/platform/graphics/GraphicsContextGL.cpp 2021-08-03 20:54:14 UTC (rev 280613)
@@ -42,230 +42,170 @@
static GraphicsContextGL::DataFormat getDataFormat(GCGLenum destinationFormat, GCGLenum destinationType)
{
- GraphicsContextGL::DataFormat dstFormat = GraphicsContextGL::DataFormat::RGBA8;
switch (destinationType) {
case GraphicsContextGL::BYTE:
switch (destinationFormat) {
case GraphicsContextGL::RED:
case GraphicsContextGL::RED_INTEGER:
- dstFormat = GraphicsContextGL::DataFormat::R8_S;
- break;
+ return GraphicsContextGL::DataFormat::R8_S;
case GraphicsContextGL::RG:
case GraphicsContextGL::RG_INTEGER:
- dstFormat = GraphicsContextGL::DataFormat::RG8_S;
- break;
+ return GraphicsContextGL::DataFormat::RG8_S;
case GraphicsContextGL::RGB:
case GraphicsContextGL::RGB_INTEGER:
- dstFormat = GraphicsContextGL::DataFormat::RGB8_S;
- break;
+ return GraphicsContextGL::DataFormat::RGB8_S;
case GraphicsContextGL::RGBA:
case GraphicsContextGL::RGBA_INTEGER:
- dstFormat = GraphicsContextGL::DataFormat::RGBA8_S;
- break;
+ return GraphicsContextGL::DataFormat::RGBA8_S;
default:
- ASSERT_NOT_REACHED();
+ return GraphicsContextGL::DataFormat::Invalid;
}
- break;
case GraphicsContextGL::UNSIGNED_BYTE:
switch (destinationFormat) {
case GraphicsContextGL::RGB:
case GraphicsContextGL::RGB_INTEGER:
case GraphicsContextGL::SRGB:
- dstFormat = GraphicsContextGL::GraphicsContextGL::DataFormat::RGB8;
- break;
+ return GraphicsContextGL::GraphicsContextGL::DataFormat::RGB8;
case GraphicsContextGL::RGBA:
case GraphicsContextGL::RGBA_INTEGER:
case GraphicsContextGL::SRGB_ALPHA:
- dstFormat = GraphicsContextGL::DataFormat::RGBA8;
- break;
+ return GraphicsContextGL::DataFormat::RGBA8;
case GraphicsContextGL::ALPHA:
- dstFormat = GraphicsContextGL::DataFormat::A8;
- break;
+ return GraphicsContextGL::DataFormat::A8;
case GraphicsContextGL::LUMINANCE:
case GraphicsContextGL::RED:
case GraphicsContextGL::RED_INTEGER:
- dstFormat = GraphicsContextGL::DataFormat::R8;
- break;
+ return GraphicsContextGL::DataFormat::R8;
case GraphicsContextGL::RG:
case GraphicsContextGL::RG_INTEGER:
- dstFormat = GraphicsContextGL::DataFormat::RG8;
- break;
+ return GraphicsContextGL::DataFormat::RG8;
case GraphicsContextGL::LUMINANCE_ALPHA:
- dstFormat = GraphicsContextGL::DataFormat::RA8;
- break;
+ return GraphicsContextGL::DataFormat::RA8;
default:
- ASSERT_NOT_REACHED();
+ return GraphicsContextGL::DataFormat::Invalid;
}
- break;
case GraphicsContextGL::SHORT:
switch (destinationFormat) {
case GraphicsContextGL::RED_INTEGER:
- dstFormat = GraphicsContextGL::DataFormat::R16_S;
- break;
+ return GraphicsContextGL::DataFormat::R16_S;
case GraphicsContextGL::RG_INTEGER:
- dstFormat = GraphicsContextGL::DataFormat::RG16_S;
- break;
+ return GraphicsContextGL::DataFormat::RG16_S;
case GraphicsContextGL::RGB_INTEGER:
- dstFormat = GraphicsContextGL::DataFormat::RGB16_S;
- break;
+ return GraphicsContextGL::DataFormat::RGB16_S;
case GraphicsContextGL::RGBA_INTEGER:
- dstFormat = GraphicsContextGL::DataFormat::RGBA16_S;
- break;
+ return GraphicsContextGL::DataFormat::RGBA16_S;
default:
- ASSERT_NOT_REACHED();
+ return GraphicsContextGL::DataFormat::Invalid;
}
- break;
case GraphicsContextGL::UNSIGNED_SHORT:
switch (destinationFormat) {
case GraphicsContextGL::RED_INTEGER:
- dstFormat = GraphicsContextGL::DataFormat::R16;
- break;
+ return GraphicsContextGL::DataFormat::R16;
case GraphicsContextGL::DEPTH_COMPONENT:
- dstFormat = GraphicsContextGL::DataFormat::D16;
- break;
+ return GraphicsContextGL::DataFormat::D16;
case GraphicsContextGL::RG_INTEGER:
- dstFormat = GraphicsContextGL::DataFormat::RG16;
- break;
+ return GraphicsContextGL::DataFormat::RG16;
case GraphicsContextGL::RGB_INTEGER:
- dstFormat = GraphicsContextGL::DataFormat::RGB16;
- break;
+ return GraphicsContextGL::DataFormat::RGB16;
case GraphicsContextGL::RGBA_INTEGER:
- dstFormat = GraphicsContextGL::DataFormat::RGBA16;
- break;
+ return GraphicsContextGL::DataFormat::RGBA16;
default:
- ASSERT_NOT_REACHED();
+ return GraphicsContextGL::DataFormat::Invalid;
}
- break;
case GraphicsContextGL::INT:
switch (destinationFormat) {
case GraphicsContextGL::RED_INTEGER:
- dstFormat = GraphicsContextGL::DataFormat::R32_S;
- break;
+ return GraphicsContextGL::DataFormat::R32_S;
case GraphicsContextGL::RG_INTEGER:
- dstFormat = GraphicsContextGL::DataFormat::RG32_S;
- break;
+ return GraphicsContextGL::DataFormat::RG32_S;
case GraphicsContextGL::RGB_INTEGER:
- dstFormat = GraphicsContextGL::DataFormat::RGB32_S;
- break;
+ return GraphicsContextGL::DataFormat::RGB32_S;
case GraphicsContextGL::RGBA_INTEGER:
- dstFormat = GraphicsContextGL::DataFormat::RGBA32_S;
- break;
+ return GraphicsContextGL::DataFormat::RGBA32_S;
default:
- ASSERT_NOT_REACHED();
+ return GraphicsContextGL::DataFormat::Invalid;
}
- break;
case GraphicsContextGL::UNSIGNED_INT:
switch (destinationFormat) {
case GraphicsContextGL::RED_INTEGER:
- dstFormat = GraphicsContextGL::DataFormat::R32;
- break;
+ return GraphicsContextGL::DataFormat::R32;
case GraphicsContextGL::DEPTH_COMPONENT:
- dstFormat = GraphicsContextGL::DataFormat::D32;
- break;
+ return GraphicsContextGL::DataFormat::D32;
case GraphicsContextGL::RG_INTEGER:
- dstFormat = GraphicsContextGL::DataFormat::RG32;
- break;
+ return GraphicsContextGL::DataFormat::RG32;
case GraphicsContextGL::RGB_INTEGER:
- dstFormat = GraphicsContextGL::DataFormat::RGB32;
- break;
+ return GraphicsContextGL::DataFormat::RGB32;
case GraphicsContextGL::RGBA_INTEGER:
- dstFormat = GraphicsContextGL::DataFormat::RGBA32;
- break;
+ return GraphicsContextGL::DataFormat::RGBA32;
default:
- ASSERT_NOT_REACHED();
+ return GraphicsContextGL::DataFormat::Invalid;
}
- break;
case GraphicsContextGL::HALF_FLOAT_OES: // OES_texture_half_float
case GraphicsContextGL::HALF_FLOAT:
switch (destinationFormat) {
case GraphicsContextGL::RGBA:
- dstFormat = GraphicsContextGL::DataFormat::RGBA16F;
- break;
+ return GraphicsContextGL::DataFormat::RGBA16F;
case GraphicsContextGL::RGB:
- dstFormat = GraphicsContextGL::DataFormat::RGB16F;
- break;
+ return GraphicsContextGL::DataFormat::RGB16F;
case GraphicsContextGL::RG:
- dstFormat = GraphicsContextGL::DataFormat::RG16F;
- break;
+ return GraphicsContextGL::DataFormat::RG16F;
case GraphicsContextGL::ALPHA:
- dstFormat = GraphicsContextGL::DataFormat::A16F;
- break;
+ return GraphicsContextGL::DataFormat::A16F;
case GraphicsContextGL::LUMINANCE:
case GraphicsContextGL::RED:
- dstFormat = GraphicsContextGL::DataFormat::R16F;
- break;
+ return GraphicsContextGL::DataFormat::R16F;
case GraphicsContextGL::LUMINANCE_ALPHA:
- dstFormat = GraphicsContextGL::DataFormat::RA16F;
- break;
+ return GraphicsContextGL::DataFormat::RA16F;
case GraphicsContextGL::SRGB:
- dstFormat = GraphicsContextGL::DataFormat::RGB16F;
- break;
+ return GraphicsContextGL::DataFormat::RGB16F;
case GraphicsContextGL::SRGB_ALPHA:
- dstFormat = GraphicsContextGL::DataFormat::RGBA16F;
- break;
+ return GraphicsContextGL::DataFormat::RGBA16F;
default:
- ASSERT_NOT_REACHED();
+ return GraphicsContextGL::DataFormat::Invalid;
}
- break;
case GraphicsContextGL::FLOAT: // OES_texture_float
switch (destinationFormat) {
case GraphicsContextGL::RGBA:
- dstFormat = GraphicsContextGL::DataFormat::RGBA32F;
- break;
+ return GraphicsContextGL::DataFormat::RGBA32F;
case GraphicsContextGL::RGB:
- dstFormat = GraphicsContextGL::DataFormat::RGB32F;
- break;
+ return GraphicsContextGL::DataFormat::RGB32F;
case GraphicsContextGL::RG:
- dstFormat = GraphicsContextGL::DataFormat::RG32F;
- break;
+ return GraphicsContextGL::DataFormat::RG32F;
case GraphicsContextGL::ALPHA:
- dstFormat = GraphicsContextGL::DataFormat::A32F;
- break;
+ return GraphicsContextGL::DataFormat::A32F;
case GraphicsContextGL::LUMINANCE:
case GraphicsContextGL::RED:
- dstFormat = GraphicsContextGL::DataFormat::R32F;
- break;
+ return GraphicsContextGL::DataFormat::R32F;
case GraphicsContextGL::DEPTH_COMPONENT:
- dstFormat = GraphicsContextGL::DataFormat::D32F;
- break;
+ return GraphicsContextGL::DataFormat::D32F;
case GraphicsContextGL::LUMINANCE_ALPHA:
- dstFormat = GraphicsContextGL::DataFormat::RA32F;
- break;
+ return GraphicsContextGL::DataFormat::RA32F;
case GraphicsContextGL::SRGB:
- dstFormat = GraphicsContextGL::DataFormat::RGB32F;
- break;
+ return GraphicsContextGL::DataFormat::RGB32F;
case GraphicsContextGL::SRGB_ALPHA:
- dstFormat = GraphicsContextGL::DataFormat::RGBA32F;
- break;
+ return GraphicsContextGL::DataFormat::RGBA32F;
default:
- ASSERT_NOT_REACHED();
+ return GraphicsContextGL::DataFormat::Invalid;
}
- break;
case GraphicsContextGL::UNSIGNED_SHORT_4_4_4_4:
- dstFormat = GraphicsContextGL::DataFormat::RGBA4444;
- break;
+ return GraphicsContextGL::DataFormat::RGBA4444;
case GraphicsContextGL::UNSIGNED_SHORT_5_5_5_1:
- dstFormat = GraphicsContextGL::DataFormat::RGBA5551;
- break;
+ return GraphicsContextGL::DataFormat::RGBA5551;
case GraphicsContextGL::UNSIGNED_SHORT_5_6_5:
- dstFormat = GraphicsContextGL::DataFormat::RGB565;
- break;
+ return GraphicsContextGL::DataFormat::RGB565;
case GraphicsContextGL::UNSIGNED_INT_5_9_9_9_REV:
- dstFormat = GraphicsContextGL::DataFormat::RGB5999;
- break;
+ return GraphicsContextGL::DataFormat::RGB5999;
case GraphicsContextGL::UNSIGNED_INT_24_8:
- dstFormat = GraphicsContextGL::DataFormat::DS24_8;
- break;
+ return GraphicsContextGL::DataFormat::DS24_8;
case GraphicsContextGL::UNSIGNED_INT_10F_11F_11F_REV:
- dstFormat = GraphicsContextGL::DataFormat::RGB10F11F11F;
- break;
+ return GraphicsContextGL::DataFormat::RGB10F11F11F;
case GraphicsContextGL::UNSIGNED_INT_2_10_10_10_REV:
- dstFormat = GraphicsContextGL::DataFormat::RGBA2_10_10_10;
- break;
+ return GraphicsContextGL::DataFormat::RGBA2_10_10_10;
default:
- ASSERT_NOT_REACHED();
+ return GraphicsContextGL::DataFormat::Invalid;
}
- return dstFormat;
+ ASSERT_NOT_REACHED();
+ return GraphicsContextGL::DataFormat::Invalid;
}
ALWAYS_INLINE static unsigned texelBytesForFormat(GraphicsContextGL::DataFormat format)
@@ -355,6 +295,8 @@
int srcRowOffset = sourceDataSubRectangle.x() * texelBytesForFormat(sourceDataFormat);
GraphicsContextGL::DataFormat dstDataFormat = getDataFormat(destinationFormat, destinationType);
+ if (dstDataFormat == GraphicsContextGL::DataFormat::Invalid)
+ return false;
int dstStride = sourceDataSubRectangle.width() * texelBytesForFormat(dstDataFormat);
if (flipY) {
destinationData = static_cast<uint8_t*>(destinationData) + dstStride * ((depth * sourceDataSubRectangle.height()) - 1);
@@ -787,7 +729,8 @@
{
// Assumes format, type, etc. have already been validated.
DataFormat sourceDataFormat = getDataFormat(format, type);
-
+ if (sourceDataFormat == GraphicsContextGL::DataFormat::Invalid)
+ return false;
// Resize the output buffer.
unsigned componentsPerPixel, bytesPerComponent;
if (!computeFormatAndTypeParameters(format, type, &componentsPerPixel, &bytesPerComponent))
Modified: branches/safari-612.1-branch/Source/WebCore/platform/graphics/GraphicsContextGL.h (280612 => 280613)
--- branches/safari-612.1-branch/Source/WebCore/platform/graphics/GraphicsContextGL.h 2021-08-03 20:37:19 UTC (rev 280612)
+++ branches/safari-612.1-branch/Source/WebCore/platform/graphics/GraphicsContextGL.h 2021-08-03 20:54:14 UTC (rev 280613)
@@ -748,7 +748,8 @@
D32,
D32F,
DS24_8,
- NumFormats
+ NumFormats,
+ Invalid = NumFormats
};
enum class ChannelBits : uint8_t {
