126925 – [WebGL] Invalid range checking in WebGLRenderingContext::validateTexFuncLevel

Bug 126925 - [WebGL] Invalid range checking in WebGLRenderingContext::validateTexFuncLevel

Summary: [WebGL] Invalid range checking in WebGLRenderingContext::validateTexFuncLevel

Status:	RESOLVED FIXED

Alias:	None

Product:	WebKit
Classification:	Unclassified
Component:	WebGL (show other bugs)
Version:	528+ (Nightly build)
Hardware:	All All

Importance:	P2 Normal
Assignee:	Brent Fulgham

URL:
Keywords:	InRadar

Depends on:	126963 126992
Blocks:
	Show dependency tree / graph

Reported:	2014-01-13 12:21 PST by Brent Fulgham
Modified:	2014-01-14 14:08 PST (History)
CC List:	8 users (show)

See Also:

Attachments
Patch (66.53 KB, patch) 2014-01-13 13:49 PST, Brent Fulgham	dino: review+	Details \| Formatted Diff \| Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Brent Fulgham 2014-01-13 12:21:16 PST

The existing logic for texture level checking in WebGLRenderingContext::validateTexFuncLevel had an off-by-one error.

It ensured that we never exceeded the value of "m_maxTextureLevel" (or "m_maxCubeMapTextureLevel"). However, these values mark the upper bound of the texture level; the storage is sized to hold this count of entries, but the actual levels are 0-indexed.

Comment 1 Brent Fulgham 2014-01-13 13:49:54 PST

Created attachment 221078 [details]
Patch

Comment 2 Brent Fulgham 2014-01-13 14:23:12 PST

Committed r161907: <http://trac.webkit.org/changeset/161907>

Comment 3 Alexey Proskuryakov 2014-01-13 21:44:25 PST

fast/canvas/webgl/webgl-compressed-texture-size-limit.html fails on all Mountain Lion bots, and is flaky on Mavericks.

Brent, are you available to look into this now?

Comment 4 WebKit Commit Bot 2014-01-13 21:56:33 PST

Re-opened since this is blocked by bug 126963

Comment 5 Alexey Proskuryakov 2014-01-13 22:01:17 PST

Rolling out, bots are noisy tonight. Some diffs:

http://build.webkit.org/results/Apple%20MountainLion%20Debug%20WK1%20(Tests)/r161909%20(12225)/fast/canvas/webgl/webgl-compressed-texture-size-limit-pretty-diff.html

http://build.webkit.org/results/Apple%20Mavericks%20Debug%20WK2%20(Tests)/r161931%20(1608)/fast/canvas/webgl/webgl-compressed-texture-size-limit-pretty-diff.html

Comment 6 Brent Fulgham 2014-01-13 23:58:45 PST

(In reply to comment #3)
> fast/canvas/webgl/webgl-compressed-texture-size-limit.html fails on all Mountain Lion bots, and is flaky on Mavericks.
> 
> Brent, are you available to look into this now?

Crap. It's graphics-card specific.

Comment 7 Brent Fulgham 2014-01-14 09:48:47 PST

Revising tests to limit texture memory to 8196, to match our smallest test bots.

Comment 8 Brent Fulgham 2014-01-14 09:49:10 PST

Committed r161978: <http://trac.webkit.org/changeset/161978>

Comment 9 Alexey Proskuryakov 2014-01-14 10:24:08 PST

This test is now crashing on bots (at least some, most haven't caught up yet): http://build.webkit.org/results/Apple%20Mavericks%20Release%20WK1%20(Tests)/r161978%20(2387)/fast/canvas/webgl/webgl-compressed-texture-size-limit-crash-log.txt

Comment 10 WebKit Commit Bot 2014-01-14 10:31:58 PST

Re-opened since this is blocked by bug 126992

Comment 11 Brent Fulgham 2014-01-14 12:48:44 PST

Committed r161996: <http://trac.webkit.org/changeset/161996>

Comment 12 Radar WebKit Bug Importer 2014-01-14 14:08:20 PST

<rdar://problem/15818236>