Title: [207919] branches/safari-602-branch/Source/WebCore
Revision
207919
Author
matthew_han...@apple.com
Date
2016-10-26 16:17:59 -0700 (Wed, 26 Oct 2016)

Log Message

Merge r207221. rdar://problem/28894492

Modified Paths

Diff

Modified: branches/safari-602-branch/Source/WebCore/ChangeLog (207918 => 207919)


--- branches/safari-602-branch/Source/WebCore/ChangeLog	2016-10-26 23:17:56 UTC (rev 207918)
+++ branches/safari-602-branch/Source/WebCore/ChangeLog	2016-10-26 23:17:59 UTC (rev 207919)
@@ -1,5 +1,22 @@
 2016-10-26  Matthew Hanson  <matthew_han...@apple.com>
 
+        Merge r207221. rdar://problem/28894492
+
+    2016-10-12  Brent Fulgham  <bfulg...@apple.com>
+
+            [WebGL] Revise vertex array attribute checks to account for lazy memory allocation.
+            https://bugs.webkit.org/show_bug.cgi?id=163149
+            <rdar://problem/28629774>
+
+            Reviewed by Dean Jackson.
+
+            Tested by fast/canvas/webgl/webgl-drawarrays-crash-2.html
+
+            * html/canvas/WebGLRenderingContextBase.cpp:
+            (WebCore::WebGLRenderingContextBase::validateVertexAttributes):
+
+2016-10-26  Matthew Hanson  <matthew_han...@apple.com>
+
         Merge r206190. rdar://problem/28744102
 
     2016-09-20  Nan Wang  <n_w...@apple.com>

Modified: branches/safari-602-branch/Source/WebCore/html/canvas/WebGLRenderingContextBase.cpp (207918 => 207919)


--- branches/safari-602-branch/Source/WebCore/html/canvas/WebGLRenderingContextBase.cpp	2016-10-26 23:17:56 UTC (rev 207918)
+++ branches/safari-602-branch/Source/WebCore/html/canvas/WebGLRenderingContextBase.cpp	2016-10-26 23:17:59 UTC (rev 207919)
@@ -1757,13 +1757,23 @@
     if (!sawNonInstancedAttrib && sawEnabledAttrib)
         return false;
 
+    bool usingSimulatedArrayBuffer = m_currentProgram->isUsingVertexAttrib0();
+
     // Guard against access into non-existent buffers.
-    if (elementCount && !sawEnabledAttrib && !m_currentProgram->isUsingVertexAttrib0())
+    if (elementCount && !sawEnabledAttrib && !usingSimulatedArrayBuffer)
         return false;
 
     if (elementCount && sawEnabledAttrib) {
-        if (!m_boundArrayBuffer && !m_boundVertexArrayObject->getElementArrayBuffer())
+        if (!m_boundArrayBuffer && !m_boundVertexArrayObject->getElementArrayBuffer()) {
+            if (usingSimulatedArrayBuffer) {
+                auto& state = m_boundVertexArrayObject->getVertexAttribState(0);
+                if (state.enabled && state.isBound()) {
+                    if (state.bufferBinding->getTarget() == GraphicsContext3D::ARRAY_BUFFER || state.bufferBinding->getTarget() == GraphicsContext3D::ELEMENT_ARRAY_BUFFER)
+                        return !!state.bufferBinding->byteLength();
+                }
+            }
             return false;
+        }
     }
     
     return true;
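Review bot: The early return added inside `if (usingSimulatedArrayBuffer)` accepts the draw as soon as attribute 0's bound buffer has a non-zero `byteLength()`, and nothing in this hunk relates that size to `elementCount`. If the per-attribute range checks earlier in validateVertexAttributes (outside this hunk) already bound the reads, the branch should say so, e.g. `// Attribute 0 is simulated: its range was checked above, so only a buffer with no storage is rejected here.` If they do not, a buffer far smaller than the draw requires would pass this guard, and its size needs to be compared against the required element count at this point. As a style matter, `!!state.bufferBinding->byteLength()` reads more plainly as `state.bufferBinding->byteLength() > 0`, and `getTarget()` could be fetched once into a local rather than called twice. The function begins and ends outside the hunk, so the earlier checks could not be confirmed from here.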