[webkit-changes] [207221] trunk/Source/WebCore

Wed, 12 Oct 2016 09:50:25 -0700

Title: [207221] trunk/Source/WebCore
Revision
207221
Author
[email protected]
Date
2016-10-12 09:50:24 -0700 (Wed, 12 Oct 2016)

Log Message

[WebGL] Revise vertex array attribute checks to account for lazy memory allocation.
https://bugs.webkit.org/show_bug.cgi?id=163149
<rdar://problem/28629774>

Reviewed by Dean Jackson.

Tested by fast/canvas/webgl/webgl-drawarrays-crash-2.html

* html/canvas/WebGLRenderingContextBase.cpp:
(WebCore::WebGLRenderingContextBase::validateVertexAttributes):

Modified Paths

Diff

Modified: trunk/Source/WebCore/ChangeLog (207220 => 207221)


--- trunk/Source/WebCore/ChangeLog	2016-10-12 16:48:21 UTC (rev 207220)
+++ trunk/Source/WebCore/ChangeLog	2016-10-12 16:50:24 UTC (rev 207221)
@@ -1,3 +1,16 @@
+2016-10-12  Brent Fulgham  <[email protected]>
+
+        [WebGL] Revise vertex array attribute checks to account for lazy memory allocation.
+        https://bugs.webkit.org/show_bug.cgi?id=163149
+        <rdar://problem/28629774>
+
+        Reviewed by Dean Jackson.
+
+        Tested by fast/canvas/webgl/webgl-drawarrays-crash-2.html
+
+        * html/canvas/WebGLRenderingContextBase.cpp:
+        (WebCore::WebGLRenderingContextBase::validateVertexAttributes):
+
 2016-10-12  Wenson Hsieh  <[email protected]>
 
         Now playing media sessions are always cleared for the active foreground tab

Modified: trunk/Source/WebCore/html/canvas/WebGLRenderingContextBase.cpp (207220 => 207221)


--- trunk/Source/WebCore/html/canvas/WebGLRenderingContextBase.cpp	2016-10-12 16:48:21 UTC (rev 207220)
+++ trunk/Source/WebCore/html/canvas/WebGLRenderingContextBase.cpp	2016-10-12 16:50:24 UTC (rev 207221)
@@ -1756,13 +1756,23 @@
     if (!sawNonInstancedAttrib && sawEnabledAttrib)
         return false;
 
+    bool usingSimulatedArrayBuffer = m_currentProgram->isUsingVertexAttrib0();
+
     // Guard against access into non-existent buffers.
-    if (elementCount && !sawEnabledAttrib && !m_currentProgram->isUsingVertexAttrib0())
+    if (elementCount && !sawEnabledAttrib && !usingSimulatedArrayBuffer)
         return false;
 
     if (elementCount && sawEnabledAttrib) {
-        if (!m_boundArrayBuffer && !m_boundVertexArrayObject->getElementArrayBuffer())
+        if (!m_boundArrayBuffer && !m_boundVertexArrayObject->getElementArrayBuffer()) {
+            if (usingSimulatedArrayBuffer) {
+                auto& state = m_boundVertexArrayObject->getVertexAttribState(0);
+                if (state.enabled && state.isBound()) {
+                    if (state.bufferBinding->getTarget() == GraphicsContext3D::ARRAY_BUFFER || state.bufferBinding->getTarget() == GraphicsContext3D::ELEMENT_ARRAY_BUFFER)
+                        return !!state.bufferBinding->byteLength();
+                }
+            }
             return false;
+        }
     }
     
     return true;

_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes

Reply via email to