[webkit-changes] [WebKit/WebKit] a2b3dc: [ANGLE] UBO convert only whole block

Dan Glastonbury noreply at github.com
Fri Jun 23 14:17:14 PDT 2023


  Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: a2b3dcad4f04acf986db93170bebfbe88c991517
      https://github.com/WebKit/WebKit/commit/a2b3dcad4f04acf986db93170bebfbe88c991517
  Author: Dan Glastonbury <djg at apple.com>
  Date:   2023-06-23 (Fri, 23 Jun 2023)

  Changed paths:
    M Source/ThirdParty/ANGLE/changes.diff
    M Source/ThirdParty/ANGLE/src/libANGLE/renderer/metal/ProgramMtl.mm

  Log Message:
  -----------
  [ANGLE] UBO convert only whole block
rdar://108349524

[Relanded by David Kilzer after being rolled out by 264786 at main.]
[Originally tracked by: rdar://106964250]

Reviewed by Dean Jackson.

OpenGL doesn't guarantee that the buffer backing uniform blocks needs to be a
multiple of the block size. When converting OpenGL layout blocks to Metal
layout, ConvertUniformBufferData is rounding up the size of the backing buffer
to a multiple of the block size which leads to reading out of bounds.

To ensure we don't read outside the source buffer, this change replaces calls to
`memcpy` with `memcpy_guarded` which accepts a pointer to the limit of available
data and copies as much data as is available, writing zeroes for any unavailable
amount.

Conversion of bools didn't use memcpy, so the raw pointer is checked against
maxSrcPtr and only dereferenced if valid, otherwise zero is used.

This has been tested with ASan and UBSan enabled against the OpenGL dEQP tests
for Uniform Buffer Objects in ANGLE.

* Source/ThirdParty/ANGLE/changes.diff:
- Ran `update-angle --regenerate-changes-diff`.
* Source/ThirdParty/ANGLE/src/libANGLE/renderer/metal/ProgramMtl.mm:

Originally-landed-as: 259548.667 at safari-7615-branch (4aa8750579fb). rdar://106964250
Canonical link: https://commits.webkit.org/265481@main
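
The guarded-copy technique the log message describes, as an added example that is not the ANGLE code from this commit. The name `memcpy_guarded` comes from the message; its signature and body, `read_bool_guarded`, `convert_blocks`, `demo_zero_tail`, the 16-byte block size and the 4-byte bool element are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

enum { BLOCK_SIZE = 16 };  /* hypothetical block size for the demo */

/* Copy n bytes to dst, reading src only below max_src; zero-fill the rest.
 * Name from the commit message; signature and body are assumptions. */
static void memcpy_guarded(void *dst, const void *src, const void *max_src, size_t n)
{
    const uint8_t *s = src, *limit = max_src;
    size_t avail = s < limit ? (size_t)(limit - s) : 0;
    size_t ncopy = avail < n ? avail : n;
    if (ncopy)
        memcpy(dst, s, ncopy);
    memset((uint8_t *)dst + ncopy, 0, n - ncopy);
}

/* Bool path: dereference only when the whole 4-byte element is in bounds. */
static uint32_t read_bool_guarded(const uint8_t *src, const uint8_t *max_src)
{
    uint32_t v = 0;
    if (src < max_src && (size_t)(max_src - src) >= sizeof v)
        memcpy(&v, src, sizeof v);
    return v != 0;
}

/* Convert whole blocks: dst gets src_len rounded up to BLOCK_SIZE bytes. */
static size_t convert_blocks(uint8_t *dst, size_t dst_len, const uint8_t *src, size_t src_len)
{
    size_t blocks = (src_len + BLOCK_SIZE - 1) / BLOCK_SIZE;
    if (blocks * BLOCK_SIZE > dst_len)
        return 0;
    for (size_t i = 0; i < blocks; i++)
        memcpy_guarded(dst + i * BLOCK_SIZE, src + i * BLOCK_SIZE, src + src_len, BLOCK_SIZE);
    return blocks * BLOCK_SIZE;
}

/* Constructed input: 40-byte buffer (2.5 blocks) filled with 0xAA.
 * Returns the number of trailing zero bytes in the 48-byte output. */
static size_t demo_zero_tail(void)
{
    uint8_t dst[48], src[40];
    memset(src, 0xAA, sizeof src);
    size_t out = convert_blocks(dst, sizeof dst, src, sizeof src), zeros = 0;
    while (zeros < out && dst[out - 1 - zeros] == 0)
        zeros++;
    return zeros;
}
```

Built with -fsanitize=address,undefined, replacing the guarded call in `convert_blocks` with a plain `memcpy` makes the third block read 8 bytes past `src`, which is the out-of-bounds read the message describes.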