RESOLVED FIXED 181356
Accurately clip copyTexImage2D and copyTexSubImage2D 
https://bugs.webkit.org/show_bug.cgi?id=181356
Summary Accurately clip copyTexImage2D and copyTexSubImage2D
Dean Jackson
Reported 2018-01-05 16:51:41 PST
Accurately clip copyTexImage2D and copyTexSubImage2D
Attachments
Patch (14.26 KB, patch)
2018-01-05 16:56 PST, Dean Jackson 		eric.carlson: review+
ews-watchlist: commit-queue-
DetailsFormatted DiffDiff
Archive of layout-test-results from ews124 for ios-simulator-wk2 (2.18 MB, application/zip)
2018-01-05 18:22 PST, EWS Watchlist 		no flags
Details
Patch (15.81 KB, patch)
2018-01-06 15:37 PST, Dean Jackson 		no flags
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
Dean Jackson
Comment 1 2018-01-05 16:52:23 PST
<rdar://problem/35083877>
Dean Jackson
Comment 2 2018-01-05 16:56:01 PST
Created attachment 330609 [details] Patch
Eric Carlson
Comment 3 2018-01-05 17:06:13 PST
Comment on attachment 330609 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=330609&action=review > Source/WebCore/ChangeLog:9 > + The code to make sure copyTexSubImage2D and copyTexImage2D don't try to read Nit: don't => doesn't > Source/WebCore/html/canvas/WebGLRenderingContextBase.cpp:363 > + if (checkedInputRight.hasOverflowed() || checkedInputBottom.hasOverflowed()) { > + *clippedX = 0; > + *clippedY = 0; > + *clippedWidth = 0; > + *clippedHeight = 0; > + return true; > + } > + > + GC3Dint right = std::min(checkedInputRight.unsafeGet(), sourceWidth); > + GC3Dint bottom = std::min(checkedInputBottom.unsafeGet(), sourceHeight); > + > + if (left >= right || top >= bottom) { > + *clippedX = 0; > + *clippedY = 0; > + *clippedWidth = 0; > + *clippedHeight = 0; > + return true; > + } It is a shame to have the same failure code twice. You might rearrange the code so you only have to include it once, eg something like: GC3Dint left = std::max(x, 0); GC3Dint top = std::max(y, 0); GC3Dint right = 0; GC3Dint bottom = 0; Checked<GC3Dint, RecordOverflow> checkedInputRight = Checked<GC3Dint>(x) + Checked<GC3Dsizei>(width); Checked<GC3Dint, RecordOverflow> checkedInputBottom = Checked<GC3Dint>(y) + Checked<GC3Dsizei>(height); if (!checkedInputRight.hasOverflowed() && !checkedInputBottom.hasOverflowed()) { right = std::min(checkedInputRight.unsafeGet(), sourceWidth); bottom = std::min(checkedInputBottom.unsafeGet(), sourceHeight); } if (left >= right || top >= bottom) { *clippedX = 0; *clippedY = 0; *clippedWidth = 0; *clippedHeight = 0; return true; } > LayoutTests/fast/canvas/webgl/copy-tex-image-and-sub-image-2d-bad-input.html:43 > +// These two declarations need to be global for "shouldBe" to see them Nit: These two => These three, or just These
EWS Watchlist
Comment 4 2018-01-05 18:22:09 PST
Comment on attachment 330609 [details] Patch Attachment 330609 [details] did not pass ios-sim-ews (ios-simulator-wk2): Output: http://webkit-queues.webkit.org/results/5949239 New failing tests: fast/canvas/webgl/copy-tex-image-and-sub-image-2d-bad-input.html
EWS Watchlist
Comment 5 2018-01-05 18:22:11 PST
Created attachment 330627 [details] Archive of layout-test-results from ews124 for ios-simulator-wk2 The attached test failures were seen while running run-webkit-tests on the ios-sim-ews. Bot: ews124 Port: ios-simulator-wk2 Platform: Mac OS X 10.12.6
Dean Jackson
Comment 6 2018-01-06 15:37:08 PST
Created attachment 330649 [details] Patch
Dean Jackson
Comment 7 2018-01-06 15:38:06 PST
Thanks Eric. Updated patch to see if EWS will be happier.
Dean Jackson
Comment 8 2018-01-06 21:19:09 PST
Committed r226490: <https://trac.webkit.org/changeset/226490>
Note You need to log in before you can comment on or make changes to this bug.