RESOLVED FIXED 122610
Validate uniform input when setting texture sampler uniforms 
https://bugs.webkit.org/show_bug.cgi?id=122610
Summary Validate uniform input when setting texture sampler uniforms
Roger Fong
Reported 2013-10-10 11:46:00 PDT
We have to make sure when we set a texture sampler that the value is less than the max combined texture units, otherwise we throw an INVALID_VALUE error. The conformance test, conformance/uniforms/uniform-samplers-test.html, covers this.
Attachments
Patch (2.87 KB, patch)
2013-10-10 13:33 PDT, Roger Fong 		dino: review+
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
Roger Fong
Comment 1 2013-10-10 11:46:47 PDT
Fix relies on https://bugs.webkit.org/show_bug.cgi?id=122607 to be committed first.
Roger Fong
Comment 2 2013-10-10 13:33:38 PDT
Created attachment 213923 [details] Patch
Dean Jackson
Comment 3 2013-10-10 15:10:40 PDT
Comment on attachment 213923 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=213923&action=review > Source/WebCore/html/canvas/WebGLRenderingContext.cpp:4170 > + for (unsigned ii = 0; ii < v->length(); ++ii) { Is there a reason for ii vs i here? > Source/WebCore/html/canvas/WebGLRenderingContext.cpp:4171 > + if (((GC3Dint*)v)[ii] >= (int)m_textureUnits.size()) { Might as well use static_cast > Source/WebCore/html/canvas/WebGLRenderingContext.cpp:4189 > + if (location->type() == GraphicsContext3D::SAMPLER_2D || location->type() == GraphicsContext3D::SAMPLER_CUBE) > + for (unsigned ii = 0; ii < (unsigned)size; ++ii) { > + if (((GC3Dint*)v)[ii] >= (int)m_textureUnits.size()) { Same.
Roger Fong
Comment 4 2013-10-10 15:19:23 PDT
(In reply to comment #3) > (From update of attachment 213923 [details]) > View in context: https://bugs.webkit.org/attachment.cgi?id=213923&action=review > > > Source/WebCore/html/canvas/WebGLRenderingContext.cpp:4170 > > + for (unsigned ii = 0; ii < v->length(); ++ii) { > > Is there a reason for ii vs i here? Eh, just saw it in a number of places in the file. There are also plenty of just i's though. I can change. > > > Source/WebCore/html/canvas/WebGLRenderingContext.cpp:4171 > > + if (((GC3Dint*)v)[ii] >= (int)m_textureUnits.size()) { > > Might as well use static_cast > > > Source/WebCore/html/canvas/WebGLRenderingContext.cpp:4189 > > + if (location->type() == GraphicsContext3D::SAMPLER_2D || location->type() == GraphicsContext3D::SAMPLER_CUBE) > > + for (unsigned ii = 0; ii < (unsigned)size; ++ii) { > > + if (((GC3Dint*)v)[ii] >= (int)m_textureUnits.size()) { > > Same. KK
Roger Fong
Comment 5 2013-10-10 16:33:54 PDT
Committed with fixes: http://trac.webkit.org/changeset/157271
Note You need to log in before you can comment on or make changes to this bug.