Diff
Modified: trunk/LayoutTests/ChangeLog (128333 => 128334)
--- trunk/LayoutTests/ChangeLog 2012-09-12 17:20:04 UTC (rev 128333)
+++ trunk/LayoutTests/ChangeLog 2012-09-12 17:23:06 UTC (rev 128334)
@@ -1,3 +1,28 @@
+2012-09-12 Max Vujovic <mvujo...@adobe.com>
+
+ [CSS Shaders] Remove direct texture access via u_texture
+ https://bugs.webkit.org/show_bug.cgi?id=93871
+
+ Reviewed by Dean Jackson.
+
+ Add tests to verify that the "u_texture" sampler is no longer accessible to author shader
+ code because it was removed. These tests also verify that shaders with unbound samplers do
+ not execute.
+
+ Add tests to verify that the internal "css_u_texture" sampler is not accessible to author
+ shader code. These tests check that this is true whether or not the author is using the CSS
+ mix function and whether or not the author attempts to define css_u_texture is his or her
+ shader.
+
+ * css3/filters/custom/custom-filter-no-element-texture-access-expected.html: Added.
+ * css3/filters/custom/custom-filter-no-element-texture-access.html: Added.
+ * css3/filters/resources/sample-defined-css-u-texture-mix.fs: Added.
+ * css3/filters/resources/sample-defined-css-u-texture.fs: Added.
+ * css3/filters/resources/sample-u-texture-mix.fs: Added.
+ * css3/filters/resources/sample-u-texture.fs: Added.
+ * css3/filters/resources/sample-undefined-css-u-texture-mix.fs: Added.
+ * css3/filters/resources/sample-undefined-css-u-texture.fs: Added.
+
2012-09-12 Christophe Dumez <christophe.du...@intel.com>
[WK2][WKTR] TestRunner needs to implement dumpApplicationCacheDelegateCallbacks
Added: trunk/LayoutTests/css3/filters/custom/custom-filter-no-element-texture-access-expected.html (0 => 128334)
--- trunk/LayoutTests/css3/filters/custom/custom-filter-no-element-texture-access-expected.html (rev 0)
+++ trunk/LayoutTests/css3/filters/custom/custom-filter-no-element-texture-access-expected.html 2012-09-12 17:23:06 UTC (rev 128334)
@@ -0,0 +1,26 @@
+<!doctype html>
+<html>
+<head>
+ <title>Tests that an author's shader code cannot sample a shaded element's texture.</title>
+ <!--
+ This is the reference file for the test.
+ If the test passes, you should see 6 vertically-stacked green boxes.
+ -->
+ <style>
+ div {
+ background-color: rgb(0, 255, 0);
+ width: 50px;
+ height: 50px;
+ margin: 10px;
+ }
+ </style>
+</head>
+<body>
+ <div></div>
+ <div></div>
+ <div></div>
+ <div></div>
+ <div></div>
+ <div></div>
+</body>
+</html>
Added: trunk/LayoutTests/css3/filters/custom/custom-filter-no-element-texture-access.html (0 => 128334)
--- trunk/LayoutTests/css3/filters/custom/custom-filter-no-element-texture-access.html (rev 0)
+++ trunk/LayoutTests/css3/filters/custom/custom-filter-no-element-texture-access.html 2012-09-12 17:23:06 UTC (rev 128334)
@@ -0,0 +1,48 @@
+<!doctype html>
+<html>
+<head>
+ <title>Tests that an author's shader code cannot sample a shaded element's texture.</title>
+ <!-- If the test passes, you should see 6 vertically-stacked green boxes. -->
+ <script>
+ if (window.testRunner) {
+ window.testRunner.overridePreference("WebKitCSSCustomFilterEnabled", "1");
+ window.testRunner.overridePreference("WebKitWebGLEnabled", "1");
+ }
+ </script>
+ <style>
+ div {
+ /* The shaders will turn the element's color from green to red if they are able to sample its texture. */
+ background-color: rgb(0, 255, 0);
+ width: 50px;
+ height: 50px;
+ margin: 10px;
+ }
+ .sample-u-texture {
+ -webkit-filter: custom(url('../resources/pass-tex-coord.vs') url('../resources/sample-u-texture.fs'));
+ }
+ .sample-u-texture-mix {
+ -webkit-filter: custom(url('../resources/pass-tex-coord.vs') mix(url('../resources/sample-u-texture-mix.fs') normal source-atop));
+ }
+ .sample-undefined-css-u-texture {
+ -webkit-filter: custom(url('../resources/pass-tex-coord.vs') url('../resources/sample-undefined-css-u-texture.fs'));
+ }
+ .sample-undefined-css-u-texture-mix {
+ -webkit-filter: custom(url('../resources/pass-tex-coord.vs') mix(url('../resources/sample-undefined-css-u-texture-mix.fs') normal source-atop));
+ }
+ .sample-defined-css-u-texture {
+ -webkit-filter: custom(url('../resources/pass-tex-coord.vs') url('../resources/sample-defined-css-u-texture.fs'));
+ }
+ .sample-defined-css-u-texture-mix {
+ -webkit-filter: custom(url('../resources/pass-tex-coord.vs') mix(url('../resources/sample-defined-css-u-texture-mix.fs') normal source-atop));
+ }
+ </style>
+</head>
+<body>
+ <div class="sample-u-texture"></div>
+ <div class="sample-u-texture-mix"></div>
+ <div class="sample-undefined-css-u-texture"></div>
+ <div class="sample-undefined-css-u-texture-mix"></div>
+ <div class="sample-defined-css-u-texture"></div>
+ <div class="sample-defined-css-u-texture-mix"></div>
+</body>
+</html>
Added: trunk/LayoutTests/css3/filters/resources/sample-defined-css-u-texture-mix.fs (0 => 128334)
--- trunk/LayoutTests/css3/filters/resources/sample-defined-css-u-texture-mix.fs (rev 0)
+++ trunk/LayoutTests/css3/filters/resources/sample-defined-css-u-texture-mix.fs 2012-09-12 17:23:06 UTC (rev 128334)
@@ -0,0 +1,20 @@
+// This test checks that a shader cannot read from the internal "css_u_texture" sampler, which references the DOM element texture.
+// This shader is referenced from the CSS mix function and should fail to validate because it defines "css_u_texture",
+// using the restricted "css_" prefix.
+
+precision mediump float;
+
+uniform sampler2D css_u_texture;
+
+varying vec2 v_texCoord;
+
+void main()
+{
+ // Try to sample the DOM element texture.
+ vec4 color = texture2D(css_u_texture, v_texCoord);
+
+ // Swap the red and green channels.
+ color.rg = color.gr;
+
+ css_MixColor = color;
+}
Added: trunk/LayoutTests/css3/filters/resources/sample-defined-css-u-texture.fs (0 => 128334)
--- trunk/LayoutTests/css3/filters/resources/sample-defined-css-u-texture.fs (rev 0)
+++ trunk/LayoutTests/css3/filters/resources/sample-defined-css-u-texture.fs 2012-09-12 17:23:06 UTC (rev 128334)
@@ -0,0 +1,20 @@
+// This test checks that a shader cannot read from the internal "css_u_texture" sampler, which references the DOM element texture.
+// This shader should fail to validate because it defines "css_u_texture", which should be an unbound sampler,
+// since this shader is not referenced from the CSS mix function.
+
+precision mediump float;
+
+uniform sampler2D css_u_texture;
+
+varying vec2 v_texCoord;
+
+void main()
+{
+ // Try to sample the DOM element texture.
+ vec4 color = texture2D(css_u_texture, v_texCoord);
+
+ // Swap the red and green channels.
+ color.rg = color.gr;
+
+ gl_FragColor = color;
+}
Added: trunk/LayoutTests/css3/filters/resources/sample-u-texture-mix.fs (0 => 128334)
--- trunk/LayoutTests/css3/filters/resources/sample-u-texture-mix.fs (rev 0)
+++ trunk/LayoutTests/css3/filters/resources/sample-u-texture-mix.fs 2012-09-12 17:23:06 UTC (rev 128334)
@@ -0,0 +1,19 @@
+// This test checks that a shader with an unbound sampler is not permitted to execute.
+// This shader is referenced from the CSS mix function and writes its output to css_MixColor.
+
+precision mediump float;
+
+uniform sampler2D u_texture;
+
+varying vec2 v_texCoord;
+
+void main()
+{
+ // Try to sample the DOM element texture.
+ vec4 color = texture2D(u_texture, v_texCoord);
+
+ // Swap the red and green channels.
+ color.rg = color.gr;
+
+ css_MixColor = color;
+}
Added: trunk/LayoutTests/css3/filters/resources/sample-u-texture.fs (0 => 128334)
--- trunk/LayoutTests/css3/filters/resources/sample-u-texture.fs (rev 0)
+++ trunk/LayoutTests/css3/filters/resources/sample-u-texture.fs 2012-09-12 17:23:06 UTC (rev 128334)
@@ -0,0 +1,19 @@
+// This test checks that a shader with an unbound sampler is not permitted to execute.
+// This shader is not referenced from the CSS mix function and writes its output to gl_FragColor.
+
+precision mediump float;
+
+uniform sampler2D u_texture;
+
+varying vec2 v_texCoord;
+
+void main()
+{
+ // Try to sample the DOM element texture.
+ vec4 color = texture2D(u_texture, v_texCoord);
+
+ // Swap the red and green channels.
+ color.rg = color.gr;
+
+ gl_FragColor = color;
+}
Added: trunk/LayoutTests/css3/filters/resources/sample-undefined-css-u-texture-mix.fs (0 => 128334)
--- trunk/LayoutTests/css3/filters/resources/sample-undefined-css-u-texture-mix.fs (rev 0)
+++ trunk/LayoutTests/css3/filters/resources/sample-undefined-css-u-texture-mix.fs 2012-09-12 17:23:06 UTC (rev 128334)
@@ -0,0 +1,17 @@
+// This test checks that a shader cannot read from the internal "css_u_texture" sampler, which references the DOM element texture.
+// This shader should fail to validate because "css_u_texture" should be undefined to this code.
+
+precision mediump float;
+
+varying vec2 v_texCoord;
+
+void main()
+{
+ // Try to sample the DOM element texture.
+ vec4 color = texture2D(css_u_texture, v_texCoord);
+
+ // Swap the red and green channels.
+ color.rg = color.gr;
+
+ css_MixColor = color;
+}
Added: trunk/LayoutTests/css3/filters/resources/sample-undefined-css-u-texture.fs (0 => 128334)
--- trunk/LayoutTests/css3/filters/resources/sample-undefined-css-u-texture.fs (rev 0)
+++ trunk/LayoutTests/css3/filters/resources/sample-undefined-css-u-texture.fs 2012-09-12 17:23:06 UTC (rev 128334)
@@ -0,0 +1,17 @@
+// This test checks that a shader cannot read from the internal "css_u_texture" sampler, which references the DOM element texture.
+// This shader should fail to validate because "css_u_texture" should be undefined to this code.
+
+precision mediump float;
+
+varying vec2 v_texCoord;
+
+void main()
+{
+ // Try to sample the DOM element texture.
+ vec4 color = texture2D(css_u_texture, v_texCoord);
+
+ // Swap the red and green channels.
+ color.rg = color.gr;
+
+ gl_FragColor = color;
+}
Modified: trunk/Source/WebCore/ChangeLog (128333 => 128334)
--- trunk/Source/WebCore/ChangeLog 2012-09-12 17:20:04 UTC (rev 128333)
+++ trunk/Source/WebCore/ChangeLog 2012-09-12 17:23:06 UTC (rev 128334)
@@ -1,3 +1,60 @@
+2012-09-12 Max Vujovic <mvujo...@adobe.com>
+
+ [CSS Shaders] Remove direct texture access via u_texture
+ https://bugs.webkit.org/show_bug.cgi?id=93871
+
+ Reviewed by Dean Jackson.
+
+ Remove the author-accessible "u_texture" sampler, which referenced the DOM element texture.
+
+ Additionally, reject shaders with author-defined sampler uniforms. When we implement texture
+ parameters, we will allow shaders whose samplers are bound to valid textures. We must not
+ allow OpenGL to give unbound samplers a default value of 0 because that references the DOM
+ element texture, which should be inaccessible to the author's shader code.
+
+ Test: css3/filters/custom/custom-filter-no-element-texture-access.html
+
+ * platform/graphics/ANGLEWebKitBridge.cpp:
+ (WebCore::getValidationResultValue):
+ Add a file-static function to easily query the integer values that ANGLE exposes about
+ the last validation result. The new getUniforms method and the existing
+ validateShaderSource method now both use getValidationResultValue.
+ (WebCore):
+ (WebCore::ANGLEWebKitBridge::validateShaderSource):
+ Use the new getValidationResultValue function instead of ANGLE's ShGetInfo function.
+ (WebCore::ANGLEWebKitBridge::getUniforms):
+ Add a new public method to ANGLEWebKitBridge which gets the info about all of the
+ uniforms in the last validated vertex shader or fragment shader. Uniform info includes
+ name, type, and size.
+ * platform/graphics/ANGLEWebKitBridge.h:
+ (ANGLEShaderSymbol):
+ (WebCore::ANGLEShaderSymbol::isSampler):
+ Returns true if the symbol's data type is a GLSL sampler (e.g. sampler2D, samplerCube).
+ (WebCore):
+ (ANGLEWebKitBridge):
+ * platform/graphics/filters/CustomFilterCompiledProgram.cpp:
+ (WebCore::CustomFilterCompiledProgram::CustomFilterCompiledProgram):
+ Take in an additional programType constructor parameter.
+ (WebCore::CustomFilterCompiledProgram::initializeParameterLocations):
+ Remove the author-accessible DOM element texture sampler "u_texture". Only find the
+ location of the internal DOM element texture sampler "css_u_texture" if the author is
+ using the CSS mix function.
+ * platform/graphics/filters/CustomFilterCompiledProgram.h:
+ * platform/graphics/filters/CustomFilterProgramInfo.h:
+ (CustomFilterProgramInfo):
+ (WebCore::CustomFilterProgramInfo::programType):
+ Add the new CustomFilterProgramType enum. In CustomFilterProgramInfo, we plan to replace
+ mixSettings.enabled with a programType. See:
+ https://bugs.webkit.org/show_bug.cgi?id=96448
+ * platform/graphics/filters/CustomFilterValidatedProgram.cpp:
+ Reject all shaders that have sampler uniforms defined.
+ (WebCore::CustomFilterValidatedProgram::CustomFilterValidatedProgram):
+ (WebCore::CustomFilterValidatedProgram::compiledProgram):
+ * platform/graphics/filters/FECustomFilter.cpp:
+ (WebCore::FECustomFilter::bindProgramAndBuffers):
+ Add an assert to verify that the DOM element texture is bound only if the author is
+ using the CSS mix function.
+
2012-09-12 Dominic Mazzoni <dmazz...@google.com>
Assert hit in is multiSelectable()
Modified: trunk/Source/WebCore/platform/graphics/ANGLEWebKitBridge.cpp (128333 => 128334)
--- trunk/Source/WebCore/platform/graphics/ANGLEWebKitBridge.cpp 2012-09-12 17:20:04 UTC (rev 128333)
+++ trunk/Source/WebCore/platform/graphics/ANGLEWebKitBridge.cpp 2012-09-12 17:23:06 UTC (rev 128334)
@@ -32,6 +32,13 @@
namespace WebCore {
+inline static int getValidationResultValue(const ShHandle compiler, ShShaderInfo shaderInfo)
+{
+ int value = -1;
+ ShGetInfo(compiler, shaderInfo, &value);
+ return value;
+}
+
ANGLEWebKitBridge::ANGLEWebKitBridge(ShShaderOutput shaderOutput, ShShaderSpec shaderSpec)
: builtCompilers(false)
, m_fragmentCompiler(0)
@@ -92,8 +99,7 @@
bool validateSuccess = ShCompile(compiler, shaderSourceStrings, 1, SH_OBJECT_CODE | extraCompileOptions);
if (!validateSuccess) {
- int logSize = 0;
- ShGetInfo(compiler, SH_INFO_LOG_LENGTH, &logSize);
+ int logSize = getValidationResultValue(compiler, SH_INFO_LOG_LENGTH);
if (logSize > 1) {
OwnArrayPtr<char> logBuffer = adoptArrayPtr(new char[logSize]);
if (logBuffer) {
@@ -104,8 +110,7 @@
return false;
}
- int translationLength = 0;
- ShGetInfo(compiler, SH_OBJECT_CODE_LENGTH, &translationLength);
+ int translationLength = getValidationResultValue(compiler, SH_OBJECT_CODE_LENGTH);
if (translationLength > 1) {
OwnArrayPtr<char> translationBuffer = adoptArrayPtr(new char[translationLength]);
if (!translationBuffer)
@@ -117,6 +122,35 @@
return true;
}
+bool ANGLEWebKitBridge::getUniforms(ShShaderType shaderType, Vector<ANGLEShaderSymbol> &symbols)
+{
+ const ShHandle compiler = (shaderType == SH_VERTEX_SHADER ? m_vertexCompiler : m_fragmentCompiler);
+
+ int numUniforms = getValidationResultValue(compiler, SH_ACTIVE_UNIFORMS);
+ if (numUniforms < 0)
+ return false;
+ if (!numUniforms)
+ return true;
+
+ int maxNameLength = getValidationResultValue(compiler, SH_ACTIVE_UNIFORM_MAX_LENGTH);
+ if (maxNameLength <= 1)
+ return false;
+ OwnArrayPtr<char> nameBuffer = adoptArrayPtr(new char[maxNameLength]);
+
+ for (int i = 0; i < numUniforms; ++i) {
+ ANGLEShaderSymbol symbol;
+ symbol.symbolType = SHADER_SYMBOL_TYPE_UNIFORM;
+ int nameLength = -1;
+ ShGetActiveUniform(compiler, i, &nameLength, &symbol.size, &symbol.dataType, nameBuffer.get(), 0);
+ if (nameLength <= 0)
+ return false;
+ symbol.name = String::fromUTF8(nameBuffer.get(), nameLength);
+ symbols.append(symbol);
+ }
+
+ return true;
}
+}
+
#endif // USE(3D_GRAPHICS)
Modified: trunk/Source/WebCore/platform/graphics/ANGLEWebKitBridge.h (128333 => 128334)
--- trunk/Source/WebCore/platform/graphics/ANGLEWebKitBridge.h 2012-09-12 17:20:04 UTC (rev 128333)
+++ trunk/Source/WebCore/platform/graphics/ANGLEWebKitBridge.h 2012-09-12 17:23:06 UTC (rev 128334)
@@ -42,6 +42,26 @@
SHADER_TYPE_FRAGMENT = SH_FRAGMENT_SHADER,
};
+enum ANGLEShaderSymbolType {
+ SHADER_SYMBOL_TYPE_ATTRIBUTE,
+ SHADER_SYMBOL_TYPE_UNIFORM
+};
+
+struct ANGLEShaderSymbol {
+ ANGLEShaderSymbolType symbolType;
+ String name;
+ ShDataType dataType;
+ int size;
+
+ bool isSampler()
+ {
+ return dataType == SH_SAMPLER_2D
+ || dataType == SH_SAMPLER_CUBE
+ || dataType == SH_SAMPLER_2D_RECT_ARB
+ || dataType == SH_SAMPLER_EXTERNAL_OES;
+ }
+};
+
class ANGLEWebKitBridge {
public:
@@ -53,6 +73,11 @@
bool validateShaderSource(const char* shaderSource, ANGLEShaderType, String& translatedShaderSource, String& shaderValidationLog, int extraCompileOptions = 0);
+ // Get the uniforms for the last validated shader of type ShShaderType.
+ // For this function to work, you must use the SH_ATTRIBUTES_UNIFORMS compile option during validation.
+ // Returns false if an unexpected error occurred in ANGLE.
+ bool getUniforms(ShShaderType, Vector<ANGLEShaderSymbol> &symbols);
+
private:
void cleanupCompilers();
Modified: trunk/Source/WebCore/platform/graphics/filters/CustomFilterCompiledProgram.cpp (128333 => 128334)
--- trunk/Source/WebCore/platform/graphics/filters/CustomFilterCompiledProgram.cpp 2012-09-12 17:20:04 UTC (rev 128333)
+++ trunk/Source/WebCore/platform/graphics/filters/CustomFilterCompiledProgram.cpp 2012-09-12 17:23:06 UTC (rev 128334)
@@ -36,7 +36,7 @@
namespace WebCore {
-CustomFilterCompiledProgram::CustomFilterCompiledProgram(PassRefPtr<GraphicsContext3D> context, const String& validatedVertexShader, const String& validatedFragmentShader)
+CustomFilterCompiledProgram::CustomFilterCompiledProgram(PassRefPtr<GraphicsContext3D> context, const String& validatedVertexShader, const String& validatedFragmentShader, CustomFilterProgramType programType)
: m_context(context)
, m_program(0)
, m_positionAttribLocation(-1)
@@ -73,7 +73,7 @@
if (!m_program)
return;
- initializeParameterLocations();
+ initializeParameterLocations(programType);
m_isInitialized = true;
}
@@ -117,7 +117,7 @@
return program;
}
-void CustomFilterCompiledProgram::initializeParameterLocations()
+void CustomFilterCompiledProgram::initializeParameterLocations(CustomFilterProgramType programType)
{
m_positionAttribLocation = m_context->getAttribLocation(m_program, "a_position");
m_texAttribLocation = m_context->getAttribLocation(m_program, "a_texCoord");
@@ -129,12 +129,16 @@
m_projectionMatrixLocation = m_context->getUniformLocation(m_program, "u_projectionMatrix");
m_samplerSizeLocation = m_context->getUniformLocation(m_program, "u_textureSize");
m_contentSamplerLocation = m_context->getUniformLocation(m_program, "u_contentTexture");
- m_internalTexCoordAttribLocation = m_context->getAttribLocation(m_program, "css_a_texCoord");
- m_samplerLocation = m_context->getUniformLocation(m_program, "css_u_texture");
- // FIXME: Remove texture access via u_texture and change the tests to use blending and compositing.
- // https://bugs.webkit.org/show_bug.cgi?id=93871
- if (m_samplerLocation == -1)
- m_samplerLocation = m_context->getUniformLocation(m_program, "u_texture");
+ if (programType == PROGRAM_TYPE_BLENDS_ELEMENT_TEXTURE) {
+ // When the author uses the CSS mix function in a custom filter, we add internal symbols to the shader code.
+ // One of them, css_u_texture, references the texture of the element.
+ m_samplerLocation = m_context->getUniformLocation(m_program, "css_u_texture");
+ m_internalTexCoordAttribLocation = m_context->getAttribLocation(m_program, "css_a_texCoord");
+
+ // These internal symbols should have been added to the validated shaders.
+ ASSERT(m_samplerLocation != -1);
+ ASSERT(m_internalTexCoordAttribLocation != -1);
+ }
}
int CustomFilterCompiledProgram::uniformLocationByName(const String& name)
Modified: trunk/Source/WebCore/platform/graphics/filters/CustomFilterCompiledProgram.h (128333 => 128334)
--- trunk/Source/WebCore/platform/graphics/filters/CustomFilterCompiledProgram.h 2012-09-12 17:20:04 UTC (rev 128333)
+++ trunk/Source/WebCore/platform/graphics/filters/CustomFilterCompiledProgram.h 2012-09-12 17:23:06 UTC (rev 128334)
@@ -32,6 +32,7 @@
#if ENABLE(CSS_SHADERS) && USE(3D_GRAPHICS)
+#include "CustomFilterProgramInfo.h"
#include "GraphicsContext3D.h"
#include <wtf/RefCounted.h>
#include <wtf/text/WTFString.h>
@@ -42,9 +43,9 @@
class CustomFilterCompiledProgram: public RefCounted<CustomFilterCompiledProgram> {
public:
- static PassRefPtr<CustomFilterCompiledProgram> create(PassRefPtr<GraphicsContext3D> context, const String& validatedVertexShader, const String& validatedFragmentShader)
+ static PassRefPtr<CustomFilterCompiledProgram> create(PassRefPtr<GraphicsContext3D> context, const String& validatedVertexShader, const String& validatedFragmentShader, CustomFilterProgramType programType)
{
- return adoptRef(new CustomFilterCompiledProgram(context, validatedVertexShader, validatedFragmentShader));
+ return adoptRef(new CustomFilterCompiledProgram(context, validatedVertexShader, validatedFragmentShader, programType));
}
~CustomFilterCompiledProgram();
@@ -73,11 +74,11 @@
Platform3DObject program() const { return m_program; }
private:
- CustomFilterCompiledProgram(PassRefPtr<GraphicsContext3D>, const String& validatedVertexShader, const String& validatedFragmentShader);
+ CustomFilterCompiledProgram(PassRefPtr<GraphicsContext3D>, const String& validatedVertexShader, const String& validatedFragmentShader, CustomFilterProgramType);
Platform3DObject compileShader(GC3Denum shaderType, const String& shaderString);
Platform3DObject linkProgram(Platform3DObject vertexShader, Platform3DObject fragmentShader);
- void initializeParameterLocations();
+ void initializeParameterLocations(CustomFilterProgramType);
RefPtr<GraphicsContext3D> m_context;
Platform3DObject m_program;
Modified: trunk/Source/WebCore/platform/graphics/filters/CustomFilterProgramInfo.h (128333 => 128334)
--- trunk/Source/WebCore/platform/graphics/filters/CustomFilterProgramInfo.h 2012-09-12 17:20:04 UTC (rev 128333)
+++ trunk/Source/WebCore/platform/graphics/filters/CustomFilterProgramInfo.h 2012-09-12 17:23:06 UTC (rev 128334)
@@ -38,6 +38,11 @@
namespace WebCore {
+enum CustomFilterProgramType {
+ PROGRAM_TYPE_NO_ELEMENT_TEXTURE,
+ PROGRAM_TYPE_BLENDS_ELEMENT_TEXTURE
+};
+
struct CustomFilterProgramMixSettings {
CustomFilterProgramMixSettings()
: enabled(false)
@@ -75,6 +80,9 @@
const String& vertexShaderString() const { return m_vertexShaderString; }
const String& fragmentShaderString() const { return m_fragmentShaderString; }
+ // FIXME: We should add CustomFilterProgramType to CustomFilterProgramInfo and remove mixSettings.enabled.
+ // https://bugs.webkit.org/show_bug.cgi?id=96448
+ CustomFilterProgramType programType() const { return m_mixSettings.enabled ? PROGRAM_TYPE_BLENDS_ELEMENT_TEXTURE : PROGRAM_TYPE_NO_ELEMENT_TEXTURE; }
const CustomFilterProgramMixSettings& mixSettings() const { return m_mixSettings; }
private:
String m_vertexShaderString;
Modified: trunk/Source/WebCore/platform/graphics/filters/CustomFilterValidatedProgram.cpp (128333 => 128334)
--- trunk/Source/WebCore/platform/graphics/filters/CustomFilterValidatedProgram.cpp 2012-09-12 17:20:04 UTC (rev 128333)
+++ trunk/Source/WebCore/platform/graphics/filters/CustomFilterValidatedProgram.cpp 2012-09-12 17:23:06 UTC (rev 128334)
@@ -85,14 +85,31 @@
// Shaders referenced from the CSS mix function use a different validator than regular WebGL shaders. See CustomFilterGlobalContext.h for more details.
ANGLEWebKitBridge* validator = programInfo.mixSettings().enabled ? m_globalContext->mixShaderValidator() : m_globalContext->webglShaderValidator();
String vertexShaderLog, fragmentShaderLog;
- bool vertexShaderValid = validator->validateShaderSource(originalVertexShader.utf8().data(), SHADER_TYPE_VERTEX, m_validatedVertexShader, vertexShaderLog);
- bool fragmentShaderValid = validator->validateShaderSource(originalFragmentShader.utf8().data(), SHADER_TYPE_FRAGMENT, m_validatedFragmentShader, fragmentShaderLog);
+ bool vertexShaderValid = validator->validateShaderSource(originalVertexShader.utf8().data(), SHADER_TYPE_VERTEX, m_validatedVertexShader, vertexShaderLog, SH_ATTRIBUTES_UNIFORMS);
+ bool fragmentShaderValid = validator->validateShaderSource(originalFragmentShader.utf8().data(), SHADER_TYPE_FRAGMENT, m_validatedFragmentShader, fragmentShaderLog, SH_ATTRIBUTES_UNIFORMS);
if (!vertexShaderValid || !fragmentShaderValid) {
// FIXME: Report the validation errors.
// https://bugs.webkit.org/show_bug.cgi?id=74416
return;
}
+ // Validate the author's samplers.
+ Vector<ANGLEShaderSymbol> uniforms;
+ if (!validator->getUniforms(SH_VERTEX_SHADER, uniforms))
+ return;
+ if (!validator->getUniforms(SH_FRAGMENT_SHADER, uniforms))
+ return;
+ for (Vector<ANGLEShaderSymbol>::iterator it = uniforms.begin(); it != uniforms.end(); ++it) {
+ if (it->isSampler()) {
+ // FIXME: For now, we restrict shaders with any sampler defined.
+ // When we implement texture parameters, we will allow shaders whose samplers are bound to valid textures.
+ // We must not allow OpenGL to give unbound samplers a default value of 0 because that references the DOM element texture,
+ // which should be inaccessible to the author's shader code.
+ // https://bugs.webkit.org/show_bug.cgi?id=96230
+ return;
+ }
+ }
+
// We need to add texture access, blending, and compositing code to shaders that are referenced from the CSS mix function.
if (programInfo.mixSettings().enabled) {
rewriteMixVertexShader();
@@ -106,7 +123,7 @@
{
ASSERT(m_isInitialized && m_globalContext && !m_validatedVertexShader.isNull() && !m_validatedFragmentShader.isNull());
if (!m_compiledProgram)
- m_compiledProgram = CustomFilterCompiledProgram::create(m_globalContext->context(), m_validatedVertexShader, m_validatedFragmentShader);
+ m_compiledProgram = CustomFilterCompiledProgram::create(m_globalContext->context(), m_validatedVertexShader, m_validatedFragmentShader, m_programInfo.programType());
return m_compiledProgram;
}
Modified: trunk/Source/WebCore/platform/graphics/filters/FECustomFilter.cpp (128333 => 128334)
--- trunk/Source/WebCore/platform/graphics/filters/FECustomFilter.cpp 2012-09-12 17:20:04 UTC (rev 128333)
+++ trunk/Source/WebCore/platform/graphics/filters/FECustomFilter.cpp 2012-09-12 17:23:06 UTC (rev 128334)
@@ -329,6 +329,9 @@
m_context->useProgram(m_compiledProgram->program());
if (m_compiledProgram->samplerLocation() != -1) {
+ // We should be binding the DOM element texture sampler only if the author is using the CSS mix function.
+ ASSERT(m_validatedProgram->programInfo().programType() == PROGRAM_TYPE_BLENDS_ELEMENT_TEXTURE);
+
m_context->activeTexture(GraphicsContext3D::TEXTURE0);
m_context->uniform1i(m_compiledProgram->samplerLocation(), 0);
#if !PLATFORM(BLACKBERRY)
