Bug 250862: RESOLVED DUPLICATE of bug 250558
REGRESSION(?): validateTexFuncData is getting passed the entire WASM ArrayBuffer instead of the texture buffer
https://bugs.webkit.org/show_bug.cgi?id=250862
Ruba Merza
Reported 2023-01-19 14:13:16 PST
Created attachment 464566: Unity build that breaks on iOS 16.2

We've observed Unity WebGL applications crashing during loading in iOS 16. We did some investigating and found that in WebKit's WebGLRenderingContextBase::validateTexFuncData() function, the byteLength being returned is the WASM heap size and not the image size when using the WebGL2 srcOffset variant of glTexSubImage2D, which we believe is the cause of the memory issue that's then crashing the Unity application.

I'm attaching a project where we've set the Total Memory to 768 MB, and it immediately crashes on Safari in iOS 16.2, as well as a screenshot showing byteLength returning the size of the WASM array buffer.
Attachments
Unity build that breaks on iOS 16.2 (4.90 MB, application/zip)
2023-01-19 14:13 PST, Ruba Merza
screenshot showing the bytelength returned (249.14 KB, image/png)
2023-01-19 14:13 PST, Ruba Merza
Ruba Merza
Comment 1 2023-01-19 14:13:43 PST
Created attachment 464567: screenshot showing the bytelength returned
Alexey Proskuryakov
Comment 2 2023-01-19 19:05:57 PST
Thank you for the report! Could you please confirm when this worked?
Radar WebKit Bug Importer
Comment 3 2023-01-19 19:06:36 PST
Brendan Duncan
Comment 4 2023-01-20 15:27:18 PST
Hi Alexey,

I don't believe this is a regression in WebGL2, but a regression from WebGL1 to WebGL2. WebGL2 has the new variant of texSubImage2D that takes the WASM heap pointer and a srcOffset to the texture data. This is the variant that is reporting too much memory for the texture.

In WebGLRenderingContextBase::validateTexFuncData, it returns byteLength, which it gets from pixels->byteLength(). byteLength is getting adjusted by srcOffset. However, pixels is still a view to the entire heap, so byteLength will be heapSize - srcOffset. From our understanding, this is causing even a small texture to report needing a large amount of memory.
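The arithmetic Comment 4 describes, as an added JavaScript illustration (not WebKit or Unity code; the function names, format table and sample heap are constructed for this example). It contrasts the bytes left in a whole-heap view after srcOffset with the bytes the upload actually reads, and bounds-checks before taking a view over only that span.

```javascript
// Added illustration; not WebKit or Unity source. All names are hypothetical.
const BYTES_PER_PIXEL = { RGBA8: 4, RGB8: 3, R8: 1 }; // UNSIGNED_BYTE formats only

// Bytes a width x height upload actually reads, honouring UNPACK_ALIGNMENT
// row padding (the last row is not padded).
function requiredBytes(width, height, format, unpackAlignment = 4) {
  const bpp = BYTES_PER_PIXEL[format];
  if (!bpp) throw new RangeError(`unsupported format: ${format}`);
  if (width === 0 || height === 0) return 0;
  const rowBytes = width * bpp;
  const stride = Math.ceil(rowBytes / unpackAlignment) * unpackAlignment;
  return stride * (height - 1) + rowBytes;
}

// What the thread describes: the view covers the whole heap, so the length
// left after srcOffset is heapSize - srcOffset, whatever the texture size is.
// srcOffset is counted in elements of the view, as in the WebGL2 API.
function remainingBytes(view, srcOffset) {
  const offsetBytes = srcOffset * view.BYTES_PER_ELEMENT;
  if (offsetBytes > view.byteLength) throw new RangeError("srcOffset out of range");
  return view.byteLength - offsetBytes;
}

// Bounds-check the upload, then return a view over only the bytes needed.
function textureSpan(view, srcOffset, width, height, format, unpackAlignment = 4) {
  const need = requiredBytes(width, height, format, unpackAlignment);
  const have = remainingBytes(view, srcOffset);
  if (need > have) throw new RangeError(`need ${need} bytes, only ${have} available`);
  const start = view.byteOffset + srcOffset * view.BYTES_PER_ELEMENT;
  return new Uint8Array(view.buffer, start, need); // shares the buffer, no copy
}

// Constructed sample: a 1 MiB buffer stands in for the 768 MB heap in the report.
const heap = new Uint8Array(new ArrayBuffer(1 << 20));
const srcOffset = 4096;
const span = textureSpan(heap, srcOffset, 64, 64, "RGBA8");
console.log("remaining after srcOffset:", remainingBytes(heap, srcOffset));
console.log("bytes the 64x64 RGBA8 texture needs:", span.byteLength);
```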
Kimmo Kinnunen
Comment 5 2023-02-01 00:38:28 PST
I think this is a duplicate of bug 250558

*** This bug has been marked as a duplicate of bug 250558 ***