[webkit-changes] [WebKit/WebKit] 752217: [ANGLE] UBO convert only whole block

Dan Glastonbury noreply at github.com
Mon May 22 14:02:30 PDT 2023


  Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: 752217c5a3e5a505e30d85337034756ab682e0f1
      https://github.com/WebKit/WebKit/commit/752217c5a3e5a505e30d85337034756ab682e0f1
  Author: Dan Glastonbury <djg at apple.com>
  Date:   2023-05-22 (Mon, 22 May 2023)

  Changed paths:
    M Source/ThirdParty/ANGLE/src/libANGLE/renderer/metal/ProgramMtl.mm

  Log Message:
  -----------
  [ANGLE] UBO convert only whole block
rdar://106964250

Reviewed by Dean Jackson.

OpenGL doesn't guarantee that the buffer backing uniform blocks needs to be a
multiple of the block size. When converting OpenGL layout blocks to Metal
layout, ConvertUniformBufferData is rounding up the size of the backing buffer
to a multiple of the block size which leads to reading out of bounds.

To ensure we don't read outside the source buffer, this change replaces calls to
`memcpy` with `memcpy_guarded` which accepts a pointer to the limit of available
data and copies as much data as is available, writing zeroes for any unavailable
amount.

Conversion of bools didn't use memcpy, so the raw pointer is checked against
maxSrcPtr and only dereferenced if valid, otherwise zero is used.

This has been tested with ASan and UBSan enabled against the OpenGL dEQP tests
for Uniform Buffer Objects in ANGLE.

* Source/ThirdParty/ANGLE/src/libANGLE/renderer/metal/ProgramMtl.mm:

Originally-landed-as: 259548.667 at safari-7615-branch (4aa8750579fb). rdar://106964250
Canonical link: https://commits.webkit.org/264375@main
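
The guarded copy and the guarded bool read described in the log message, as an added C example that is not part of the commit and is not ANGLE's code. The names `memcpy_guarded_example`, `load_bool_guarded`, `convert_blocks`, the argument order, the 16-byte block size and the 40-byte source buffer are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

enum { BLOCK_SIZE = 16 };  /* constructed block size for the sample */

/* Hypothetical helper modelled on the commit message; the signature is an
 * assumption. Copies up to n bytes without reading at or past max_src and
 * zero-fills the rest of dst. Returns the bytes actually read from src. */
static size_t memcpy_guarded_example(void *dst, const void *src,
                                     const void *max_src, size_t n)
{
    const uint8_t *s = src, *limit = max_src;
    size_t avail = (s < limit) ? (size_t)(limit - s) : 0;
    size_t ncopy = (n < avail) ? n : avail;
    if (ncopy) memcpy(dst, s, ncopy);
    if (ncopy < n) memset((uint8_t *)dst + ncopy, 0, n - ncopy);
    return ncopy;
}

/* Bool element: dereference only when all 4 bytes lie below the limit. */
static uint8_t load_bool_guarded(const uint32_t *src, const void *max_src)
{
    const uint8_t *p = (const uint8_t *)src, *limit = max_src;
    if (p >= limit || (size_t)(limit - p) < sizeof *src) return 0;
    return *src != 0;
}

/* Fill `blocks` whole destination blocks from a source of only src_len bytes. */
static size_t convert_blocks(uint8_t *dst, const uint8_t *src,
                             size_t src_len, size_t blocks)
{
    size_t total = 0;
    for (size_t i = 0; i < blocks; i++) {
        size_t off = i * BLOCK_SIZE;
        if (off > src_len) off = src_len;  /* never form a pointer past the end */
        total += memcpy_guarded_example(dst + i * BLOCK_SIZE, src + off,
                                        src + src_len, BLOCK_SIZE);
    }
    return total;
}

int main(void)
{
    uint8_t src[40], dst[48];  /* constructed: 2.5 blocks backing 3 blocks */
    for (size_t i = 0; i < sizeof src; i++) src[i] = (uint8_t)(i + 1);
    memset(dst, 0xAA, sizeof dst);
    size_t got = convert_blocks(dst, src, sizeof src, 3);
    return (got == 40 && dst[39] == 40 && dst[40] == 0 && dst[47] == 0) ? 0 : 1;
}
```

Building the sample with `-fsanitize=address,undefined` and swapping the guarded copy for a plain `memcpy` of `BLOCK_SIZE` bytes makes the third block read 8 bytes past `src`, which is the class of read the commit removes.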



