Bug 238134

Summary: Validate readpixels format and type inside of WebCore
Product: WebKit Reporter: John Cunningham <johncunningham>
Component: WebGLAssignee: John Cunningham <johncunningham>
Status: ASSIGNED    
Severity: Normal CC: ahmad.saleem792, cdumez, changseok, dino, esprehn+autocc, ews-watchlist, gyuyoung.kim, kbr, kkinnunen, kondapallykalyan, mmaxfield, webkit-bug-importer
Priority: P2 Keywords: InRadar
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   
Bug Depends on: 239114    
Bug Blocks:    
Attachments:
Description Flags
Patch
none
Patch
none
Patch
none
Patch ews-feeder: commit-queue-

John Cunningham
Reported Monday, March 21, 2022 8:55:47 AM UTC
Validate readpixels against UNSIGNED_INT_24_8 type and DEPTH_COMPONENT format
Attachments
Patch (4.08 KB, patch)
2022-03-21 00:56 PDT, John Cunningham 		no flags
DetailsFormatted DiffDiff
Patch (6.33 KB, patch)
2022-03-21 17:48 PDT, John Cunningham 		no flags
DetailsFormatted DiffDiff
Patch (6.38 KB, patch)
2022-03-21 17:52 PDT, John Cunningham 		no flags
DetailsFormatted DiffDiff
Patch (6.43 KB, patch)
2022-03-22 09:25 PDT, John Cunningham 		ews-feeder: commit-queue-
DetailsFormatted DiffDiff
Show Obsolete (3) View All Add attachment proposed patch, testcase, etc.
John Cunningham
Comment 1 Monday, March 21, 2022 8:56:27 AM UTC
Created attachment 455221 [details] Patch
John Cunningham
Comment 2 Monday, March 21, 2022 8:57:34 AM UTC
webgl/2.0.y/conformance/reading/read-pixels-test.html now passes in entirety.
EWS Watchlist
Comment 3 Monday, March 21, 2022 8:57:45 AM UTC
Note that there are important steps to take when updating ANGLE. See https://trac.webkit.org/wiki/UpdatingANGLE
John Cunningham
Comment 4 Tuesday, March 22, 2022 1:48:47 AM UTC
Created attachment 455308 [details] Patch
John Cunningham
Comment 5 Tuesday, March 22, 2022 1:52:46 AM UTC
Created attachment 455310 [details] Patch
Myles C. Maxfield
Comment 6 Tuesday, March 22, 2022 2:06:41 AM UTC
Comment on attachment 455310 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=455310&action=review > Source/WebCore/ChangeLog:3 > + Validate readpixels format and type inside of WebCore Silly question: Why doesn't ANGLE validate this for us?
John Cunningham
Comment 7 Tuesday, March 22, 2022 5:25:09 PM UTC
Created attachment 455380 [details] Patch
Kenneth Russell
Comment 8 Tuesday, March 22, 2022 6:33:25 PM UTC
Comment on attachment 455380 [details] Patch Just FYI: ANGLE does do this validation. The only validation that should be needed at the WebCore level is to ensure that the incoming typed array type is compatible with the format being requested in readPixels. See Chromium's associated validation: https://source.chromium.org/chromium/chromium/src/+/main:third_party/blink/renderer/modules/webgl/webgl_rendering_context_base.cc;l=4568 https://source.chromium.org/chromium/chromium/src/+/main:third_party/blink/renderer/modules/webgl/webgl2_rendering_context_base.cc;l=5608
John Cunningham
Comment 9 Tuesday, March 22, 2022 6:42:48 PM UTC
(In reply to Kenneth Russell from comment #8) > Comment on attachment 455380 [details] > Patch > > Just FYI: ANGLE does do this validation. The only validation that should be > needed at the WebCore level is to ensure that the incoming typed array type > is compatible with the format being requested in readPixels. See Chromium's > associated validation: > > https://source.chromium.org/chromium/chromium/src/+/main:third_party/blink/ > renderer/modules/webgl/webgl_rendering_context_base.cc;l=4568 > https://source.chromium.org/chromium/chromium/src/+/main:third_party/blink/ > renderer/modules/webgl/webgl2_rendering_context_base.cc;l=5608 Thanks, Ken. My original patch here was on ANGLE. It seems there are two things going on: 1. ANGLE's readpixel validation allows UNSIGNED_INT_24_8, which does not seem to be accurate to my spec reading. 2. ANGLE's readpixel validation early outs for read-pixels-test.html because of a missing attachment which is undefined behavior, see these lines in validationES.cpp if (readBuffer == nullptr) { context->validationError(entryPoint, GL_INVALID_OPERATION, kMissingReadAttachment); return false; } I'm happy to fix the first in upstream ANGLE, and fix the undefined behavior in the test which is causing it to fail. I wonder if it still makes sense to swap the order of the undefined behavior check of missing attachment to after the pixel/type validation in ANGLE.
Kenneth Russell
Comment 10 Tuesday, March 22, 2022 7:47:14 PM UTC
(In reply to John Cunningham from comment #9) > (In reply to Kenneth Russell from comment #8) > > Comment on attachment 455380 [details] > > Patch > > > > Just FYI: ANGLE does do this validation. The only validation that should be > > needed at the WebCore level is to ensure that the incoming typed array type > > is compatible with the format being requested in readPixels. See Chromium's > > associated validation: > > > > https://source.chromium.org/chromium/chromium/src/+/main:third_party/blink/ > > renderer/modules/webgl/webgl_rendering_context_base.cc;l=4568 > > https://source.chromium.org/chromium/chromium/src/+/main:third_party/blink/ > > renderer/modules/webgl/webgl2_rendering_context_base.cc;l=5608 > > Thanks, Ken. My original patch here was on ANGLE. It seems there are two > things going on: > > 1. ANGLE's readpixel validation allows UNSIGNED_INT_24_8, which does not > seem to be accurate to my spec reading. > > 2. ANGLE's readpixel validation early outs for read-pixels-test.html because > of a missing attachment which is undefined behavior, see these lines in > validationES.cpp > > if (readBuffer == nullptr) > { > context->validationError(entryPoint, GL_INVALID_OPERATION, > kMissingReadAttachment); > return false; > } > > I'm happy to fix the first in upstream ANGLE, and fix the undefined behavior > in the test which is causing it to fail. I wonder if it still makes sense to > swap the order of the undefined behavior check of missing attachment to > after the pixel/type validation in ANGLE. Thanks for the confirmation; I see. For (1), it sounds fine to look into fixing this in ANGLE; but the bug is in Source/WebCore/html/canvas/WebGLRenderingContextBase.cpp, WebGLRenderingContextBase::validateArrayBufferType. The case for GraphicsContextGL::UNSIGNED_INT_24_8 should just be removed; then that part of the test will pass. Not sure about the second bug though. Happy to discuss further.
Kenneth Russell
Comment 11 Wednesday, March 23, 2022 2:09:25 AM UTC
After further discussion on Slack, I see that the existing validateArrayBufferType is used for both Tex{Sub}Image and ReadPixels operations. Still - would you consider passing an additional parameter to validateArrayBufferType, whether it's for ReadPixels or not? Then it could reject UNSIGNED_INT_24_8 for ReadPixels and avoid duplicating this code.
Radar WebKit Bug Importer
Comment 12 Monday, March 28, 2022 8:56:16 AM UTC
<rdar://problem/90910118>
Kimmo Kinnunen
Comment 13 Tuesday, April 12, 2022 7:45:55 AM UTC
Landed in ANGLE upstream: https://bugs.chromium.org/p/angleproject/issues/detail?id=7119
Kenneth Russell
Comment 14 Wednesday, April 27, 2022 12:22:35 AM UTC
Should roll into WebKit in Bug 239114.
Ahmad Saleem
Comment 15 Wednesday, June 1, 2022 11:54:34 PM UTC
I think this bug can be closed (if scope is just update of ANGLE library) since it was within ANGLE library and it was updated as mentioned in Comment 13. But, from Comment 10 to remove a case bit within "Source/WebCore/html/canvas/WebGLRenderingContextBase.cpp", I noticed from Webkit Github mirror that it is still present on line 5504. Webkit Mirror file link - https://github.com/WebKit/WebKit/blob/2e84b9750f8c04ed405b84e8fbfb2dbc0bf24497/Source/WebCore/html/canvas/WebGLRenderingContextBase.cpp Thanks!
Note You need to log in before you can comment on or make changes to this bug.