31891 2009-11-25 16:11:24 -0800 Off-by-one error in index validation for drawElements and drawArrays 2009-12-15 14:57:05 -0800 1 1 1 Unclassified WebKit WebGL 528+ (Nightly build) All All RESOLVED FIXED P1 Major --- 0 kbr kbr brettw cmarrin commit-queue oliver petersont rlp oldest_to_newest 166570 0 kbr 2009-11-25 16:11:24 -0800 There is an off-by-one error in the index validation introduced in https://bugs.webkit.org/show_bug.cgi?id=31239 which is one of the reasons some demos no longer work. The computation of the available elements in the bound array buffers does not take into account the fact that for the last element, the number of bytes touched is only that of the data itself, not including the stride. 166571 1 43875 kbr 2009-11-25 16:15:46 -0800 Created attachment 43875 Patch 166574 2 43875 oliver 2009-11-25 16:25:51 -0800 Comment on attachment 43875 Patch r=me 166579 3 43875 commit-queue 2009-11-25 16:44:49 -0800 Comment on attachment 43875 Patch Clearing flags on attachment: 43875 Committed r51400: <http://trac.webkit.org/changeset/51400> 166580 4 commit-queue 2009-11-25 16:44:54 -0800 All reviewed patches have been landed. Closing bug. 43875 2009-11-25 16:15:46 -0800 2009-11-25 16:44:49 -0800 Patch index-validation.patch text/plain 6589 kbr SW5kZXg6IFdlYkNvcmUvQ2hhbmdlTG9nCj09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT0KLS0tIFdlYkNvcmUvQ2hhbmdlTG9n CShyZXZpc2lvbiA1MTM5NykKKysrIFdlYkNvcmUvQ2hhbmdlTG9nCSh3b3JraW5nIGNvcHkpCkBA IC0xLDMgKzEsMTcgQEAKKzIwMDktMTEtMjUgIEtlbm5ldGggUnVzc2VsbCAgPGtickBnb29nbGUu Y29tPgorCisgICAgICAgIFJldmlld2VkIGJ5IE5PQk9EWSAoT09QUyEpLgorCisgICAgICAgIE9m Zi1ieS1vbmUgZXJyb3IgaW4gaW5kZXggdmFsaWRhdGlvbiBmb3IgZHJhd0VsZW1lbnRzIGFuZCBk cmF3QXJyYXlzCisgICAgICAgIGh0dHBzOi8vYnVncy53ZWJraXQub3JnL3Nob3dfYnVnLmNnaT9p ZD0zMTg5MQorCisgICAgICAgIEZpeGVkIGNvbXB1dGF0aW9uIG9mIG51bWJlciBvZiBlbGVtZW50 cyBmb3IgYm91bmQgYXJyYXkgb2JqZWN0cy4KKworICAgICAgICBUZXN0OiBmYXN0L2NhbnZhcy93 ZWJnbC9pbmRleC12YWxpZGF0aW9uLmh0bWwKKworICAgICAgICAqIGh0bWwvY2FudmFzL1dlYkdM UmVuZGVyaW5nQ29udGV4dC5jcHA6CisgICAgICAgIChXZWJDb3JlOjpXZWJHTFJlbmRlcmluZ0Nv bnRleHQ6OnZlcnRleEF0dHJpYlBvaW50ZXIpOgorCiAyMDA5LTExLTI1ICBEbWl0cnkgVGl0b3Yg IDxkaW1pY2hAY2hyb21pdW0ub3JnPgogCiAgICAgICAgIFJldmlld2VkIGJ5IERhdmlkIExldmlu LgpJbmRleDogV2ViQ29yZS9odG1sL2NhbnZhcy9XZWJHTFJlbmRlcmluZ0NvbnRleHQuY3BwCj09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT0KLS0tIFdlYkNvcmUvaHRtbC9jYW52YXMvV2ViR0xSZW5kZXJpbmdDb250ZXh0LmNw cAkocmV2aXNpb24gNTEzOTcpCisrKyBXZWJDb3JlL2h0bWwvY2FudmFzL1dlYkdMUmVuZGVyaW5n Q29udGV4dC5jcHAJKHdvcmtpbmcgY29weSkKQEAgLTIwNDYsNiArMjA0Niw3IEBAIHZvaWQgV2Vi R0xSZW5kZXJpbmdDb250ZXh0Ojp2ZXJ0ZXhBdHRyaWIKIHZvaWQgV2ViR0xSZW5kZXJpbmdDb250 ZXh0Ojp2ZXJ0ZXhBdHRyaWJQb2ludGVyKHVuc2lnbmVkIGxvbmcgaW5keCwgbG9uZyBzaXplLCB1 bnNpZ25lZCBsb25nIHR5cGUsIGJvb2wgbm9ybWFsaXplZCwgdW5zaWduZWQgbG9uZyBzdHJpZGUs IHVuc2lnbmVkIGxvbmcgb2Zmc2V0LCBFeGNlcHRpb25Db2RlJiBlYykKIHsKICAgICBpZiAoIW1f Ym91bmRBcnJheUJ1ZmZlciB8fCBpbmR4ID49IG1fbWF4VmVydGV4QXR0cmlicykgeworICAgICAg ICAvLyBGSVhNRTogcmFpc2UgR0xfSU5WQUxJRF9WQUxVRSBlcnJvcgogICAgICAgICBlYyA9IElO VkFMSURfU1RBVEVfRVJSOwogICAgICAgICByZXR1cm47CiAgICAgfQpAQCAtMjA1OCwxNyArMjA1 OSwyNSBAQCB2b2lkIFdlYkdMUmVuZGVyaW5nQ29udGV4dDo6dmVydGV4QXR0cmliCiAgICAgbG9u ZyBieXRlc1BlckVsZW1lbnQgPSBzaXplICogc2l6ZUluQnl0ZXModHlwZSwgZWMpOwogICAgIGlm IChlYyAhPSAwKQogICAgICAgICByZXR1cm47Ci0gICAgICAgIAorICAgIGxvbmcgdmFsaWRhdGVk U3RyaWRlID0gYnl0ZXNQZXJFbGVtZW50OwogICAgIGlmIChzdHJpZGUgIT0gMCkgewogICAgICAg ICBpZiAoKGxvbmcpIHN0cmlkZSA8IGJ5dGVzUGVyRWxlbWVudCkgeworICAgICAgICAgICAgLy8g RklYTUU6IHJhaXNlIEdMX0lOVkFMSURfVkFMVUUgZXJyb3IKICAgICAgICAgICAgIGVjID0gU1lO VEFYX0VSUjsKICAgICAgICAgICAgIHJldHVybjsKICAgICAgICAgfQogICAgICAgICAKLSAgICAg ICAgYnl0ZXNQZXJFbGVtZW50ID0gc3RyaWRlOworICAgICAgICB2YWxpZGF0ZWRTdHJpZGUgPSBz dHJpZGU7CiAgICAgfQogICAgICAgICAKLSAgICBtX3ZlcnRleEF0dHJpYlN0YXRlW2luZHhdLm51 bUVsZW1lbnRzID0gKG1fYm91bmRBcnJheUJ1ZmZlci0+Ynl0ZUxlbmd0aChHcmFwaGljc0NvbnRl eHQzRDo6QVJSQVlfQlVGRkVSKSAtIG9mZnNldCkgLyBieXRlc1BlckVsZW1lbnQ7CisgICAgLy8g QXZvaWQgb2ZmLWJ5LW9uZSBlcnJvcnMgaW4gbnVtRWxlbWVudHMgY29tcHV0YXRpb24uCisgICAg Ly8gRm9yIHRoZSBsYXN0IGVsZW1lbnQsIHdlIHdpbGwgb25seSB0b3VjaCB0aGUgZGF0YSBmb3Ig dGhlCisgICAgLy8gZWxlbWVudCBhbmQgbm90aGluZyBiZXlvbmQgaXQuCisgICAgbG9uZyBieXRl c1JlbWFpbmluZyA9IG1fYm91bmRBcnJheUJ1ZmZlci0+Ynl0ZUxlbmd0aChHcmFwaGljc0NvbnRl eHQzRDo6QVJSQVlfQlVGRkVSKSAtIG9mZnNldDsKKyAgICBpZiAoYnl0ZXNSZW1haW5pbmcgPCBi eXRlc1BlckVsZW1lbnQpCisgICAgICAgIG1fdmVydGV4QXR0cmliU3RhdGVbaW5keF0ubnVtRWxl bWVudHMgPSAwOworICAgIGVsc2UKKyAgICAgICAgbV92ZXJ0ZXhBdHRyaWJTdGF0ZVtpbmR4XS5u dW1FbGVtZW50cyA9IDEgKyAoYnl0ZXNSZW1haW5pbmcgLSBieXRlc1BlckVsZW1lbnQpIC8gdmFs aWRhdGVkU3RyaWRlOwogCiAgICAgbV9jb250ZXh0LT52ZXJ0ZXhBdHRyaWJQb2ludGVyKGluZHgs IHNpemUsIHR5cGUsIG5vcm1hbGl6ZWQsIHN0cmlkZSwgb2Zmc2V0KTsKICAgICBjbGVhbnVwQWZ0 ZXJHcmFwaGljc0NhbGwoZmFsc2UpOwpJbmRleDogTGF5b3V0VGVzdHMvQ2hhbmdlTG9nCj09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT0KLS0tIExheW91dFRlc3RzL0NoYW5nZUxvZwkocmV2aXNpb24gNTEzOTcpCisrKyBMYXlv dXRUZXN0cy9DaGFuZ2VMb2cJKHdvcmtpbmcgY29weSkKQEAgLTEsMyArMSwxOCBAQAorMjAwOS0x MS0yNSAgS2VubmV0aCBSdXNzZWxsICA8a2JyQGdvb2dsZS5jb20+CisKKyAgICAgICAgUmV2aWV3 ZWQgYnkgTk9CT0RZIChPT1BTISkuCisKKyAgICAgICAgT2ZmLWJ5LW9uZSBlcnJvciBpbiBpbmRl eCB2YWxpZGF0aW9uIGZvciBkcmF3RWxlbWVudHMgYW5kIGRyYXdBcnJheXMKKyAgICAgICAgaHR0 cHM6Ly9idWdzLndlYmtpdC5vcmcvc2hvd19idWcuY2dpP2lkPTMxODkxCisKKyAgICAgICAgRml4 ZWQgY29tcHV0YXRpb24gb2YgbnVtYmVyIG9mIGVsZW1lbnRzIGZvciBib3VuZCBhcnJheSBvYmpl Y3RzLgorCisgICAgICAgIFRlc3Q6IGZhc3QvY2FudmFzL3dlYmdsL2luZGV4LXZhbGlkYXRpb24u aHRtbAorCisgICAgICAgICogZmFzdC9jYW52YXMvd2ViZ2wvaW5kZXgtdmFsaWRhdGlvbi1leHBl Y3RlZC50eHQ6IEFkZGVkLgorICAgICAgICAqIGZhc3QvY2FudmFzL3dlYmdsL2luZGV4LXZhbGlk YXRpb24uaHRtbDogQWRkZWQuCisgICAgICAgICogZmFzdC9jYW52YXMvd2ViZ2wvc2NyaXB0LXRl c3RzL2luZGV4LXZhbGlkYXRpb24uanM6IEFkZGVkLgorCiAyMDA5LTExLTI1ICBDc2FiYSBPc3p0 cm9nb27DoWMgIDxvc3N5QHdlYmtpdC5vcmc+CiAKICAgICAgICAgW1F0XSBQdXQgdGVzdHMgaW50 byBza2lwbGlzdCBiZWNhdXNlIG9mIG1pc3NpbmcgbGF5b3V0VGVzdENvbnRyb2xsZXIgZmVhdHVy ZS4KSW5kZXg6IExheW91dFRlc3RzL2Zhc3QvY2FudmFzL3dlYmdsL2luZGV4LXZhbGlkYXRpb24t ZXhwZWN0ZWQudHh0Cj09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT0KLS0tIExheW91dFRlc3RzL2Zhc3QvY2FudmFzL3dlYmds L2luZGV4LXZhbGlkYXRpb24tZXhwZWN0ZWQudHh0CShyZXZpc2lvbiAwKQorKysgTGF5b3V0VGVz dHMvZmFzdC9jYW52YXMvd2ViZ2wvaW5kZXgtdmFsaWRhdGlvbi1leHBlY3RlZC50eHQJKHJldmlz aW9uIDApCkBAIC0wLDAgKzEsMTEgQEAKK1Rlc3Qgb2YgZ2V0IGNhbGxzIGFnYWluc3QgR0wgb2Jq ZWN0cyBsaWtlIGdldEJ1ZmZlclBhcmFtZXRlciwgZXRjLgorCitPbiBzdWNjZXNzLCB5b3Ugd2ls bCBzZWUgYSBzZXJpZXMgb2YgIlBBU1MiIG1lc3NhZ2VzLCBmb2xsb3dlZCBieSAiVEVTVCBDT01Q TEVURSIuCisKK1BBU1MgZ2wuZ2V0RXJyb3IoKSBpcyAwCitQQVNTIGdsLmRyYXdFbGVtZW50cyhn bC5UUklBTkdMRVMsIDMsIGdsLlVOU0lHTkVEX1NIT1JULCAwKSBpcyB1bmRlZmluZWQuCitQQVNT IGdsLmdldEVycm9yKCkgaXMgMAorUEFTUyBzdWNjZXNzZnVsbHlQYXJzZWQgaXMgdHJ1ZQorCitU RVNUIENPTVBMRVRFCisKSW5kZXg6IExheW91dFRlc3RzL2Zhc3QvY2FudmFzL3dlYmdsL2luZGV4 LXZhbGlkYXRpb24uaHRtbAo9PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09Ci0tLSBMYXlvdXRUZXN0cy9mYXN0L2NhbnZhcy93 ZWJnbC9pbmRleC12YWxpZGF0aW9uLmh0bWwJKHJldmlzaW9uIDApCisrKyBMYXlvdXRUZXN0cy9m YXN0L2NhbnZhcy93ZWJnbC9pbmRleC12YWxpZGF0aW9uLmh0bWwJKHJldmlzaW9uIDApCkBAIC0w LDAgKzEsMTUgQEAKKzxodG1sPgorPGhlYWQ+Cis8bGluayByZWw9InN0eWxlc2hlZXQiIGhyZWY9 Ii4uLy4uL2pzL3Jlc291cmNlcy9qcy10ZXN0LXN0eWxlLmNzcyIvPgorPHNjcmlwdCBzcmM9Ii4u Ly4uL2pzL3Jlc291cmNlcy9qcy10ZXN0LXByZS5qcyI+PC9zY3JpcHQ+Cis8c2NyaXB0IHNyYz0i cmVzb3VyY2VzL3dlYmdsLXRlc3QuanMiPjwvc2NyaXB0PgorPC9oZWFkPgorPGJvZHk+Cis8ZGl2 IGlkPSJkZXNjcmlwdGlvbiI+PC9kaXY+Cis8ZGl2IGlkPSJjb25zb2xlIj48L2Rpdj4KKworPHNj cmlwdCBzcmM9InNjcmlwdC10ZXN0cy9pbmRleC12YWxpZGF0aW9uLmpzIj48L3NjcmlwdD4KKwor PHNjcmlwdCBzcmM9Ii4uLy4uL2pzL3Jlc291cmNlcy9qcy10ZXN0LXBvc3QuanMiPjwvc2NyaXB0 PgorPC9ib2R5PgorPC9odG1sPgpJbmRleDogTGF5b3V0VGVzdHMvZmFzdC9jYW52YXMvd2ViZ2wv c2NyaXB0LXRlc3RzL2luZGV4LXZhbGlkYXRpb24uanMKPT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PQotLS0gTGF5b3V0VGVz dHMvZmFzdC9jYW52YXMvd2ViZ2wvc2NyaXB0LXRlc3RzL2luZGV4LXZhbGlkYXRpb24uanMJKHJl dmlzaW9uIDApCisrKyBMYXlvdXRUZXN0cy9mYXN0L2NhbnZhcy93ZWJnbC9zY3JpcHQtdGVzdHMv aW5kZXgtdmFsaWRhdGlvbi5qcwkocmV2aXNpb24gMCkKQEAgLTAsMCArMSwzMiBAQAorZGVzY3Jp cHRpb24oIlRlc3Qgb2YgZ2V0IGNhbGxzIGFnYWluc3QgR0wgb2JqZWN0cyBsaWtlIGdldEJ1ZmZl clBhcmFtZXRlciwgZXRjLiIpOworCit2YXIgZ2wgPSBjcmVhdGUzRENvbnRleHQoKTsKK3ZhciBw cm9ncmFtID0gbG9hZFN0YW5kYXJkUHJvZ3JhbShnbCk7CisKKy8vIDMgdmVydGljZXMgPT4gMSB0 cmlhbmdsZSwgaW50ZXJsZWF2ZWQgZGF0YQordmFyIGRhdGEgPSBuZXcgV2ViR0xGbG9hdEFycmF5 KFswLCAwLCAwLCAxLAorICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAwLCAwLCAxLAor ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAxLCAwLCAwLCAxLAorICAgICAgICAgICAg ICAgICAgICAgICAgICAgICAgICAwLCAwLCAxLAorICAgICAgICAgICAgICAgICAgICAgICAgICAg ICAgICAxLCAxLCAxLCAxLAorICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAwLCAwLCAx XSk7Cit2YXIgaW5kaWNlcyA9IG5ldyBXZWJHTFVuc2lnbmVkU2hvcnRBcnJheShbMCwgMSwgMl0p OworCit2YXIgYnVmZmVyID0gZ2wuY3JlYXRlQnVmZmVyKCk7CitnbC5iaW5kQnVmZmVyKGdsLkFS UkFZX0JVRkZFUiwgYnVmZmVyKTsKK2dsLmJ1ZmZlckRhdGEoZ2wuQVJSQVlfQlVGRkVSLCBkYXRh LCBnbC5TVEFUSUNfRFJBVyk7Cit2YXIgZWxlbWVudHMgPSBnbC5jcmVhdGVCdWZmZXIoKTsKK2ds LmJpbmRCdWZmZXIoZ2wuRUxFTUVOVF9BUlJBWV9CVUZGRVIsIGVsZW1lbnRzKTsKK2dsLmJ1ZmZl ckRhdGEoZ2wuRUxFTUVOVF9BUlJBWV9CVUZGRVIsIGluZGljZXMsIGdsLlNUQVRJQ19EUkFXKTsK K2dsLnVzZVByb2dyYW0ocHJvZ3JhbSk7Cit2YXIgdmVydGV4TG9jID0gZ2wuZ2V0QXR0cmliTG9j YXRpb24ocHJvZ3JhbSwgImFfdmVydGV4Iik7Cit2YXIgbm9ybWFsTG9jID0gZ2wuZ2V0QXR0cmli TG9jYXRpb24ocHJvZ3JhbSwgImFfbm9ybWFsIik7CitnbC52ZXJ0ZXhBdHRyaWJQb2ludGVyKHZl cnRleExvYywgNCwgZ2wuRkxPQVQsIGZhbHNlLCA3ICogZ2wuc2l6ZUluQnl0ZXMoZ2wuRkxPQVQp LCAwKTsKK2dsLmVuYWJsZVZlcnRleEF0dHJpYkFycmF5KHZlcnRleExvYyk7CitnbC52ZXJ0ZXhB dHRyaWJQb2ludGVyKG5vcm1hbExvYywgMywgZ2wuRkxPQVQsIGZhbHNlLCA3ICogZ2wuc2l6ZUlu Qnl0ZXMoZ2wuRkxPQVQpLCAzICogZ2wuc2l6ZUluQnl0ZXMoZ2wuRkxPQVQpKTsKK2dsLmVuYWJs ZVZlcnRleEF0dHJpYkFycmF5KG5vcm1hbExvYyk7CitzaG91bGRCZSgnZ2wuZ2V0RXJyb3IoKScs ICcwJyk7CitzaG91bGRCZVVuZGVmaW5lZCgnZ2wuZHJhd0VsZW1lbnRzKGdsLlRSSUFOR0xFUywg MywgZ2wuVU5TSUdORURfU0hPUlQsIDApJyk7CitzaG91bGRCZSgnZ2wuZ2V0RXJyb3IoKScsICcw Jyk7CisKK3N1Y2Nlc3NmdWxseVBhcnNlZCA9IHRydWU7Cg==