The WebGLBuffer class helps validate calls to bufferData and bufferSubData, and holds on to copies of indices for ELEMENT_ARRAY_BUFFER-type buffers. Currently, its lowest-level validation is written in terms of ArrayBuffers, which makes the validation checks it does much more complicated than they should be. Typed array instances, in particular subarrays, are already verified during construction, and some of the checks being done in WebGLBuffer are redundant. Additionally, it looks like they may even be incomplete because of the complexity of the code. Changing the base validation routines to operate on a (void*, GC3Dsizeiptr) pair simplifies them considerably.
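As an added illustration of the validation described in the report above (not code from WebKit or from this patch): a small C++ model of a buffer whose bufferData/bufferSubData checks operate on a (const void*, GC3Dsizeiptr) pair, with the index copy that an ELEMENT_ARRAY_BUFFER keeps for later drawElements checks. The class ModelWebGLBuffer, the GC3D typedefs and the sample index data are assumptions made for the example.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <cstring>
#include <limits>
#include <vector>

// Assumed stand-ins for WebKit's GC3D typedefs: signed and pointer-sized,
// like GLintptr / GLsizeiptr.
typedef std::ptrdiff_t GC3Dintptr;
typedef std::ptrdiff_t GC3Dsizeiptr;

// Hypothetical model (not WebKit's WebGLBuffer). A typed-array view's
// constructor has already proven that byteOffset + byteLength fits in its
// ArrayBuffer, so at this level only the (pointer, size) pair matters.
class ModelWebGLBuffer {
public:
    enum Target { ArrayBuffer, ElementArrayBuffer };
    explicit ModelWebGLBuffer(Target target) : m_target(target) {}

    // bufferData: reallocate to exactly `size` bytes. A null `data` with a
    // positive size allocates without copying, as GL allows.
    bool bufferData(const void* data, GC3Dsizeiptr size) {
        if (size < 0)
            return false;
        m_bytes.assign(static_cast<size_t>(size), 0);
        if (data && size)
            std::memcpy(m_bytes.data(), data, static_cast<size_t>(size));
        return true;
    }

    // bufferSubData: accept only [offset, offset + size) inside the buffer.
    // The bound is tested by unsigned subtraction, so it cannot overflow the
    // way a signed `offset + size > byteLength` test can.
    bool bufferSubData(GC3Dintptr offset, const void* data, GC3Dsizeiptr size) {
        if (offset < 0 || size < 0 || !data)
            return false;
        size_t uoffset = static_cast<size_t>(offset);
        size_t usize = static_cast<size_t>(size);
        if (uoffset > m_bytes.size() || usize > m_bytes.size() - uoffset)
            return false;
        std::memcpy(m_bytes.data() + uoffset, data, usize);
        return true;
    }

    // The retained copy lets drawElements be checked against the largest
    // index without reading back from the GPU. Returns -1 when this is not
    // an index buffer or holds no complete 16-bit index.
    long maxIndexU16() const {
        if (m_target != ElementArrayBuffer || m_bytes.size() < 2)
            return -1;
        long best = 0;
        for (size_t i = 0; i + 1 < m_bytes.size(); i += 2) {
            uint16_t v;
            std::memcpy(&v, m_bytes.data() + i, sizeof v);
            if (v > best)
                best = v;
        }
        return best;
    }

private:
    Target m_target;
    std::vector<uint8_t> m_bytes;
};

// Constructed sample input: eight 16-bit indices (16 bytes) in an index buffer.
static ModelWebGLBuffer makeSampleIndexBuffer() {
    static const uint16_t indices[8] = { 0, 1, 2, 2, 3, 0, 7, 5 };
    ModelWebGLBuffer buf(ModelWebGLBuffer::ElementArrayBuffer);
    buf.bufferData(indices, static_cast<GC3Dsizeiptr>(sizeof indices));
    return buf;
}

// In-bounds update of the last index; the cached copy must reflect it (9).
long maxIndexAfterUpdate() {
    ModelWebGLBuffer buf = makeSampleIndexBuffer();
    const uint16_t replacement = 9;
    if (!buf.bufferSubData(14, &replacement, static_cast<GC3Dsizeiptr>(sizeof replacement)))
        return -2;
    return buf.maxIndexU16();
}

// Writes that must be refused: past the end, a negative offset, and an
// offset so large that a signed `offset + size` would overflow.
bool badSubDataRejected() {
    ModelWebGLBuffer buf = makeSampleIndexBuffer();
    const uint16_t two[2] = { 1, 2 };
    GC3Dsizeiptr n = static_cast<GC3Dsizeiptr>(sizeof two);
    bool pastEnd = buf.bufferSubData(14, two, n);
    bool negative = buf.bufferSubData(-2, two, n);
    bool overflow = buf.bufferSubData(std::numeric_limits<GC3Dintptr>::max(), two, n);
    return !pastEnd && !negative && !overflow && buf.maxIndexU16() == 7;
}

int main() {
    std::printf("max index after update: %ld\n", maxIndexAfterUpdate());
    std::printf("bad bufferSubData calls rejected: %s\n", badSubDataRejected() ? "yes" : "no");
    return 0;
}
```

The point of the pair-based form is that every check is a comparison between two sizes the caller already has; the view-to-ArrayBuffer bookkeeping that the report calls redundant never enters the buffer code.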
Created attachment 182908: Patch
Comment on attachment 182908: Patch
Clearing flags on attachment: 182908
Committed r139914: <http://trac.webkit.org/changeset/139914>
All reviewed patches have been landed. Closing bug.
Reverted r139914 for reason: Caused crashes in compositing/visibility/visibility-simple-webgl-layer.html
Committed r139923: <http://trac.webkit.org/changeset/139923>
I've attempted to reproduce locally the crash seen in the flakiness dashboard with both Debug and Release builds of DRT but cannot. I suspect that the crash is some rare preexisting bug. Subsequent runs on the flakiness dashboard which still contained my patch were clean. I'm going to re-land it.
Committed r139928: <http://trac.webkit.org/changeset/139928>
For the record, here was the failing build: http://build.chromium.org/p/chromium.webkit/builders/WebKit%20Mac10.8/builds/4201 and the layout test results from that run: http://build.chromium.org/f/chromium/layout_test_results/WebKit_Mac10_8/177217/layout-test-results.zip