Title: [257073] trunk
- Revision
- 257073
- Author
- justin_...@apple.com
- Date
- 2020-02-20 11:33:58 -0800 (Thu, 20 Feb 2020)
Log Message
GraphicsContextGLOpenGL::transformFeedbackVaryings passes deallocated memory to gl::TransformFeedbackVaryings
https://bugs.webkit.org/show_bug.cgi?id=207526
Reviewed by Brent Fulgham.
Source/WebCore:
Covered by WebGL2 Transform Feedback tests.
* platform/graphics/angle/GraphicsContextGLANGLE.cpp:
(WebCore::GraphicsContextGLOpenGL::transformFeedbackVaryings):
LayoutTests:
Unskip known WebGL 2.0.0 conformance suite progressions.
* TestExpectations:
Modified Paths
Diff
Modified: trunk/LayoutTests/ChangeLog (257072 => 257073)
--- trunk/LayoutTests/ChangeLog 2020-02-20 19:22:12 UTC (rev 257072)
+++ trunk/LayoutTests/ChangeLog 2020-02-20 19:33:58 UTC (rev 257073)
@@ -1,3 +1,14 @@
+2020-02-19 Justin Fan <justin_...@apple.com>
+
+ GraphicsContextGLOpenGL::transformFeedbackVaryings passes deallocated memory to gl::TransformFeedbackVaryings
+ https://bugs.webkit.org/show_bug.cgi?id=207526
+
+ Reviewed by Brent Fulgham.
+
+ Unskip known WebGL 2.0.0 conformance suite progressions.
+
+ * TestExpectations:
+
2020-02-20 Jason Lawrence <lawrenc...@apple.com>
[ iOS wk2 Release ] perf/clone-with-focus.html is flaky failing.
Modified: trunk/LayoutTests/TestExpectations (257072 => 257073)
--- trunk/LayoutTests/TestExpectations 2020-02-20 19:22:12 UTC (rev 257072)
+++ trunk/LayoutTests/TestExpectations 2020-02-20 19:33:58 UTC (rev 257073)
@@ -3340,6 +3340,10 @@
# Re-enable as each chunk of tests are verified with ANGLE backend.
webgl/2.0.0 [ Skip ]
+webgl/2.0.0/conformance2/samplers [ Pass ]
+webgl/2.0.0/conformance2/transform_feedback [ Pass ]
+webgl/2.0.0/conformance2/textures/misc/tex-image-and-sub-image-with-array-buffer-view-sub-source.html [ Pass ]
+
# pre-wrap progression. Other rendering engines agree with the result.
webkit.org/b/206168 [ Debug ] fast/dom/insert-span-into-long-text-bug-28245.html [ Skip ]
Modified: trunk/Source/WebCore/ChangeLog (257072 => 257073)
--- trunk/Source/WebCore/ChangeLog 2020-02-20 19:22:12 UTC (rev 257072)
+++ trunk/Source/WebCore/ChangeLog 2020-02-20 19:33:58 UTC (rev 257073)
@@ -1,3 +1,15 @@
+2020-02-19 Justin Fan <justin_...@apple.com>
+
+ GraphicsContextGLOpenGL::transformFeedbackVaryings passes deallocated memory to gl::TransformFeedbackVaryings
+ https://bugs.webkit.org/show_bug.cgi?id=207526
+
+ Reviewed by Brent Fulgham.
+
+ Covered by WebGL2 Transform Feedback tests.
+
+ * platform/graphics/angle/GraphicsContextGLANGLE.cpp:
+ (WebCore::GraphicsContextGLOpenGL::transformFeedbackVaryings):
+
2020-02-20 Antti Koivisto <an...@apple.com>
[macOS] Disable RunLoop function dispatch when there is a pending rendering update
Modified: trunk/Source/WebCore/platform/graphics/angle/GraphicsContextGLANGLE.cpp (257072 => 257073)
--- trunk/Source/WebCore/platform/graphics/angle/GraphicsContextGLANGLE.cpp 2020-02-20 19:22:12 UTC (rev 257072)
+++ trunk/Source/WebCore/platform/graphics/angle/GraphicsContextGLANGLE.cpp 2020-02-20 19:33:58 UTC (rev 257073)
@@ -1940,11 +1940,14 @@
void GraphicsContextGLOpenGL::transformFeedbackVaryings(PlatformGLObject program, const Vector<String>& varyings, GCGLenum bufferMode)
{
- auto convertedVaryings = varyings.map([](const String& varying) -> const char* {
- return varying.utf8().data();
+ Vector<CString> convertedVaryings = varyings.map([](const String& varying) {
+ return varying.utf8();
});
+ Vector<const char*> pointersToVaryings = convertedVaryings.map([](const CString& varying) {
+ return varying.data();
+ });
makeContextCurrent();
- gl::TransformFeedbackVaryings(program, varyings.size(), convertedVaryings.data(), bufferMode);
+ gl::TransformFeedbackVaryings(program, pointersToVaryings.size(), pointersToVaryings.data(), bufferMode);
}
void GraphicsContextGLOpenGL::getTransformFeedbackVarying(PlatformGLObject program, GCGLuint index, ActiveInfo& info)
_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes
