242788 – Don't nullify WebGLExtension::m_context on context loss.

Bug 242788 - Don't nullify WebGLExtension::m_context on context loss.

Summary: Don't nullify WebGLExtension::m_context on context loss.

Status:	RESOLVED FIXED

Alias:	None

Product:	WebKit
Classification:	Unclassified
Component:	WebGL (show other bugs)
Version:	WebKit Nightly Build
Hardware:	All All

Importance:	P2 Major
Assignee:	Dan Glastonbury

URL:
Keywords:	InRadar

Depends on:
Blocks:

Reported:	2022-07-14 21:36 PDT by Dan Glastonbury
Modified:	2022-07-25 19:35 PDT (History)
CC List:	4 users (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Dan Glastonbury 2022-07-14 21:36:58 PDT

WebGLExtension::loseParentContext() nulls m_context pointer. In the GPUP world, where any GL call can result in a context loss, this behaviour can lead to null pointer access at random places inside a WebGL extension object after the code has checked for a valid m_context pointer at function entry.

Comment 1 Dan Glastonbury 2022-07-14 21:37:40 PDT

rdar://95969241

Comment 2 Dan Glastonbury 2022-07-14 21:49:37 PDT

Pull request: https://github.com/WebKit/WebKit/pull/2442

Comment 3 EWS 2022-07-25 19:35:18 PDT

Committed 252810@main (554972c0f0a7): <https://commits.webkit.org/252810@main>

Reviewed commits have been landed. Closing PR #2442 and removing active labels.