Bug 181558

<rdar://problem/36189833>

Created attachment 331115 [details]
Patch

Comment on attachment 331115 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=331115&action=review

> Source/WebCore/ChangeLog:13
> +        accidentally cast a unsigned to a signed.

Nit: "a unsigned" => "an unsigned"

> Source/WebCore/html/canvas/WebGL2RenderingContext.cpp:1830
> +    Checked<unsigned, RecordOverflow> checkedNumElementsRequired = Checked<unsigned>(maxIndex.value());
> +    checkedNumElementsRequired += 1;
> +    if (checkedNumElementsRequired.hasOverflowed())
> +        return false;
> +    numElementsRequired = checkedNumElementsRequired.unsafeGet();
> +    return true;

Nit: you could create a helper function for this since you have the same code in several places. Something like this uncompiled code might work:

    template <typename T> static inline std::optional<T> checkedAddUnsigned(T value, T toAdd)
    {
        Checked<T, RecordOverflow> checkedResult = Checked<T>(value);
        checkedResult += toAdd;
        if (checkedResult.hasOverflowed())
            return std::nullopt;

        return checkedResult.unsafeGet();
    }

...

    auto checkedResult = checkedAddUnsigned(maxIndex.value(), 1);
    if (!checkedResult)
        return false;

    numElementsRequired = checkedResult.value();
    return true;

Comment on attachment 331115 [details]
Patch

Attachment 331115 [details] did not pass mac-ews (mac):
Output: http://webkit-queues.webkit.org/results/6041466

New failing tests:
fast/canvas/webgl/simulated-vertexAttrib0-invalid-indicies.html

Created attachment 331131 [details]
Archive of layout-test-results from ews103 for mac-sierra

The attached test failures were seen while running run-webkit-tests on the mac-ews.
Bot: ews103  Port: mac-sierra  Platform: Mac OS X 10.12.6

Comment on attachment 331115 [details]
Patch

Attachment 331115 [details] did not pass mac-debug-ews (mac):
Output: http://webkit-queues.webkit.org/results/6041190

New failing tests:
fast/canvas/webgl/simulated-vertexAttrib0-invalid-indicies.html

Created attachment 331134 [details]
Archive of layout-test-results from ews117 for mac-sierra

The attached test failures were seen while running run-webkit-tests on the mac-debug-ews.
Bot: ews117  Port: mac-sierra  Platform: Mac OS X 10.12.6

Comment on attachment 331115 [details]
Patch

Attachment 331115 [details] did not pass mac-wk2-ews (mac-wk2):
Output: http://webkit-queues.webkit.org/results/6043533

New failing tests:
fast/canvas/webgl/simulated-vertexAttrib0-invalid-indicies.html

Created attachment 331154 [details]
Archive of layout-test-results from ews107 for mac-sierra-wk2

The attached test failures were seen while running run-webkit-tests on the mac-wk2-ews.
Bot: ews107  Port: mac-sierra-wk2  Platform: Mac OS X 10.12.6

Committed r226916: <https://trac.webkit.org/changeset/226916>

There is a good chance some bots will crash on this test. Hello bot-watchers!

The test attempts to create a massive buffer, and should produce an OUT_OF_MEMORY error from GL. However, some hardware seems to crash instead.

If you see new crashes on iOS or High Sierra, that's bad. Please temporarily skip and let me know. We might have to just remove the test.

The test is failing (without crashing) on GTK, see bug #181659. That is, no GL error occurs, as expected. I wonder, does that indicate a problem in the OpenGL implementation...?