Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: db1a5f2093faf713bd9e6b3a48443ce8ed8d7dd0
https://github.com/WebKit/WebKit/commit/db1a5f2093faf713bd9e6b3a48443ce8ed8d7dd0
Author: Mike Wyrzykowski <mwyrzykow...@apple.com>
Date: 2024-11-12 (Tue, 12 Nov 2024)
Changed paths:
M Source/WebGPU/WebGPU/RenderBundleEncoder.mm
Log Message:
-----------
[WebGPU] Guard against appending to recordedCommands while iterating
https://bugs.webkit.org/show_bug.cgi?id=282837
rdar://139517938
Reviewed by Geoffrey Garen.
We have observed some UAFs in the past due to logic errors
resulting in appending to m_recordedCommands while iterating.
It is a fatal error to do so, so move the contents to avoid
the UAF and add a release assertion to guard against appending
to the container during iteration.
* Source/WebGPU/WebGPU/RenderBundleEncoder.mm:
(WebGPU::RenderBundleEncoder::endCurrentICB):
(WebGPU::RenderBundleEncoder::recordCommand):
The fragments lookaside buffer is always required during command
execution and should never exist during recording.
Canonical link: https://commits.webkit.org/286481@main
To unsubscribe from these emails, change your notification settings at
https://github.com/WebKit/WebKit/settings/notifications
_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes
