Modified: trunk/Source/ThirdParty/ANGLE/ChangeLog (280925 => 280926)
--- trunk/Source/ThirdParty/ANGLE/ChangeLog 2021-08-11 20:00:46 UTC (rev 280925)
+++ trunk/Source/ThirdParty/ANGLE/ChangeLog 2021-08-11 20:04:36 UTC (rev 280926)
@@ -1,3 +1,23 @@
+2021-08-11 Kyle Piddington <[email protected]>
+
+ Avoid infinite recursion when command buffer creation fails
+ https://bugs.webkit.org/show_bug.cgi?id=228978
+ <rdar://79224824>
+
+ Reviewed by Kenneth Russell.
+
+ In cases where the MTLCommandBuffer is not a valid metal object,
+ we can end up in an infinite recursive loop during draw call setup. Refactor setupDraw to take no more than two attempts through the setup function.
+
+ Testing: Ran WebGL tests, use case samples. Set up synthetic
+ repro forcing bail out path, saw WebGL content fail to render
+ instead of a web process crash.
+
+ * src/libANGLE/renderer/metal/ContextMtl.h:
+ * src/libANGLE/renderer/metal/ContextMtl.mm:
+ (rx::ContextMtl::setupDraw):
+ (rx::ContextMtl::setupDrawImpl):
+
2021-08-11 Kimmo Kinnunen <[email protected]>
Cherry-pick ANGLE: Revise WebGL's shaderSource validation
Modified: trunk/Source/ThirdParty/ANGLE/src/libANGLE/renderer/metal/ContextMtl.h (280925 => 280926)
--- trunk/Source/ThirdParty/ANGLE/src/libANGLE/renderer/metal/ContextMtl.h 2021-08-11 20:00:46 UTC (rev 280925)
+++ trunk/Source/ThirdParty/ANGLE/src/libANGLE/renderer/metal/ContextMtl.h 2021-08-11 20:04:36 UTC (rev 280926)
@@ -381,6 +381,14 @@
gl::DrawElementsType indexTypeOrNone,
const void *indices,
bool transformFeedbackDraw);
+ angle::Result setupDrawImpl(const gl::Context *context,
+ gl::PrimitiveMode mode,
+ GLint firstVertex,
+ GLsizei vertexOrIndexCount,
+ GLsizei instanceCount,
+ gl::DrawElementsType indexTypeOrNone,
+ const void *indices,
+ bool transformFeedbackDraw);
angle::Result drawTriFanArrays(const gl::Context *context,
GLint first,
Modified: trunk/Source/ThirdParty/ANGLE/src/libANGLE/renderer/metal/ContextMtl.mm (280925 => 280926)
--- trunk/Source/ThirdParty/ANGLE/src/libANGLE/renderer/metal/ContextMtl.mm 2021-08-11 20:00:46 UTC (rev 280925)
+++ trunk/Source/ThirdParty/ANGLE/src/libANGLE/renderer/metal/ContextMtl.mm 2021-08-11 20:04:36 UTC (rev 280926)
@@ -2120,6 +2120,30 @@
const void *indices,
bool transformFeedbackDraw)
{
+ ANGLE_TRY(setupDrawImpl(context, mode, firstVertex, vertexOrIndexCount, instances, indexTypeOrNone, indices, transformFeedbackDraw));
+ // Setting up the draw required us to call a command buffer flush, re-run setupDraw with state invaliated to restart the command buffer from the current draw with previously set state
+ if (!mCmdBuffer.valid())
+ {
+ invalidateState(context);
+ ANGLE_TRY(setupDrawImpl(context, mode, firstVertex, vertexOrIndexCount, instances, indexTypeOrNone, indices, transformFeedbackDraw));
+ }
+ // If the command buffer still isn't valid after a second attempt, we have a problem and should stop the draw call to avoid infinite recursion.
+ if(!mCmdBuffer.valid())
+ {
+ return angle::Result::Stop;
+ }
+ return angle::Result::Continue;
+
+}
+angle::Result ContextMtl::setupDrawImpl(const gl::Context *context,
+ gl::PrimitiveMode mode,
+ GLint firstVertex,
+ GLsizei vertexOrIndexCount,
+ GLsizei instances,
+ gl::DrawElementsType indexTypeOrNone,
+ const void *indices,
+ bool transformFeedbackDraw)
+{
ASSERT(mProgram);
// Update transform feedback offsets on every draw call.
@@ -2249,12 +2273,7 @@
changedPipeline, textureChanged,
uniformBuffersDirty, transformFeedbackDraw));
- // Setting up the draw required us to call a command buffer flush, re-run setupDraw with state invaliated to restart the command buffer from the current draw with previously set state
- if (!mCmdBuffer.valid())
- {
- invalidateState(context);
- ANGLE_TRY(setupDraw(context, mode, firstVertex, vertexOrIndexCount, instances, indexTypeOrNone, indices, transformFeedbackDraw));
- }
+
mDirtyBits.reset();
return angle::Result::Continue;
}
