Bug 181356 - Accurately clip copyTexImage2D and copyTexSubImage2D
Summary: Accurately clip copyTexImage2D and copyTexSubImage2D
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: New Bugs (show other bugs)
Version: WebKit Nightly Build
Hardware: Unspecified Unspecified
: P2 Normal
Assignee: Dean Jackson
URL:
Keywords: InRadar
Depends on:
Blocks:
 
Reported: 2018-01-05 16:51 PST by Dean Jackson
Modified: 2018-01-06 21:19 PST (History)
8 users (show)

See Also:

Attachments
Patch (14.26 KB, patch)
2018-01-05 16:56 PST, Dean Jackson 		eric.carlson: review+
ews-watchlist: commit-queue-
Details | Formatted Diff | Diff
Archive of layout-test-results from ews124 for ios-simulator-wk2 (2.18 MB, application/zip)
2018-01-05 18:22 PST, EWS Watchlist 		no flags Details
Patch (15.81 KB, patch)
2018-01-06 15:37 PST, Dean Jackson 		no flags Details | Formatted Diff | Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Dean Jackson 2018-01-05 16:51:41 PST 
Accurately clip copyTexImage2D and copyTexSubImage2D
Comment 1 Dean Jackson 2018-01-05 16:52:23 PST 
<rdar://problem/35083877>
Comment 2 Dean Jackson 2018-01-05 16:56:01 PST 
Created attachment 330609 [details]
Patch
Comment 3 Eric Carlson 2018-01-05 17:06:13 PST 
Comment on attachment 330609 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=330609&action=review

> Source/WebCore/ChangeLog:9
> +        The code to make sure copyTexSubImage2D and copyTexImage2D don't try to read

Nit: don't => doesn't

> Source/WebCore/html/canvas/WebGLRenderingContextBase.cpp:363
> +    if (checkedInputRight.hasOverflowed() || checkedInputBottom.hasOverflowed()) {
> +        *clippedX = 0;
> +        *clippedY = 0;
> +        *clippedWidth = 0;
> +        *clippedHeight = 0;
> +        return true;
> +    }
> +
> +    GC3Dint right = std::min(checkedInputRight.unsafeGet(), sourceWidth);
> +    GC3Dint bottom = std::min(checkedInputBottom.unsafeGet(), sourceHeight);
> +
> +    if (left >= right || top >= bottom) {
> +        *clippedX = 0;
> +        *clippedY = 0;
> +        *clippedWidth = 0;
> +        *clippedHeight = 0;
> +        return true;
> +    }

It is a shame to have the same failure code twice. You might rearrange the code so you only have to include it once, eg something like:

    GC3Dint left = std::max(x, 0);
    GC3Dint top = std::max(y, 0);
    GC3Dint right = 0;
    GC3Dint bottom = 0;

    Checked<GC3Dint, RecordOverflow> checkedInputRight = Checked<GC3Dint>(x) + Checked<GC3Dsizei>(width);
    Checked<GC3Dint, RecordOverflow> checkedInputBottom = Checked<GC3Dint>(y) + Checked<GC3Dsizei>(height);
    if (!checkedInputRight.hasOverflowed() && !checkedInputBottom.hasOverflowed()) {
        right = std::min(checkedInputRight.unsafeGet(), sourceWidth);
        bottom = std::min(checkedInputBottom.unsafeGet(), sourceHeight);
    }

    if (left >= right || top >= bottom) {
       *clippedX = 0;
       *clippedY = 0;
       *clippedWidth = 0;
       *clippedHeight = 0;
       return true;
    }

> LayoutTests/fast/canvas/webgl/copy-tex-image-and-sub-image-2d-bad-input.html:43
> +// These two declarations need to be global for "shouldBe" to see them

Nit: These two => These three, or just These
Comment 4 EWS Watchlist 2018-01-05 18:22:09 PST 
Comment on attachment 330609 [details]
Patch

Attachment 330609 [details] did not pass ios-sim-ews (ios-simulator-wk2):
Output: http://webkit-queues.webkit.org/results/5949239

New failing tests:
fast/canvas/webgl/copy-tex-image-and-sub-image-2d-bad-input.html
Comment 5 EWS Watchlist 2018-01-05 18:22:11 PST 
Created attachment 330627 [details]
Archive of layout-test-results from ews124 for ios-simulator-wk2

The attached test failures were seen while running run-webkit-tests on the ios-sim-ews.
Bot: ews124  Port: ios-simulator-wk2  Platform: Mac OS X 10.12.6
Comment 6 Dean Jackson 2018-01-06 15:37:08 PST 
Created attachment 330649 [details]
Patch
Comment 7 Dean Jackson 2018-01-06 15:38:06 PST 
Thanks Eric. Updated patch to see if EWS will be happier.
Comment 8 Dean Jackson 2018-01-06 21:19:09 PST 
Committed r226490: <https://trac.webkit.org/changeset/226490>