[webkit-changes] [WebKit/WebKit] 56f1fb: [WebGPU] missing useResources: call leads to out o...

mwyrzykowski noreply at github.com
Fri Dec 6 20:54:16 PST 2024 

  Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: 56f1fb5d4d01992f182c13e6a77ee71a4eae4a12
      https://github.com/WebKit/WebKit/commit/56f1fb5d4d01992f182c13e6a77ee71a4eae4a12
  Author: Mike Wyrzykowski <mwyrzykowski at apple.com>
  Date:   2024-12-06 (Fri, 06 Dec 2024)

  Changed paths:
    A LayoutTests/fast/webgpu/nocrash/fuzz-284126-expected.txt
    A LayoutTests/fast/webgpu/nocrash/fuzz-284126.html
    M Source/WebGPU/WebGPU/RenderBundleEncoder.h
    M Source/WebGPU/WebGPU/RenderBundleEncoder.mm
    M Source/WebGPU/WebGPU/RenderPassEncoder.mm

  Log Message:
  -----------
  [WebGPU] missing useResources: call leads to out of bounds read
https://bugs.webkit.org/show_bug.cgi?id=284126
rdar://140803271

Reviewed by Tadeu Zagallo.

Missing useResource: call resulted in a buffer potentially not being resident.

Writing to that buffer which was not resident caused an out of bounds write.

* LayoutTests/fast/webgpu/nocrash/fuzz-284126-expected.txt: Added.
* LayoutTests/fast/webgpu/nocrash/fuzz-284126.html: Added.
Add regression test.

* Source/WebGPU/WebGPU/RenderBundleEncoder.h:
* Source/WebGPU/WebGPU/RenderBundleEncoder.mm:
(-[RenderBundleICBWithResources initWithICB:containerBuffer:pipelineState:depthStencilState:cullMode:frontFace:depthClipMode:depthBias:depthBiasSlopeScale:depthBiasClamp:fragmentDynamicOffsetsBuffer:pipeline:minVertexCounts:outOfBoundsReadFlag:]):
(WebGPU::makeRenderBundleICBWithResources):
(-[RenderBundleICBWithResources initWithICB:containerBuffer:pipelineState:depthStencilState:cullMode:frontFace:depthClipMode:depthBias:depthBiasSlopeScale:depthBiasClamp:fragmentDynamicOffsetsBuffer:pipeline:minVertexCounts:]): Deleted.
* Source/WebGPU/WebGPU/RenderPassEncoder.mm:
(WebGPU::RenderPassEncoder::executeBundles):

Call useResource: to ensure the MTLBuffer and MTLIndirectCommandBuffer are both resident.
Canonical link: https://commits.webkit.org/287492@main



To unsubscribe from these emails, change your notification settings at https://github.com/WebKit/WebKit/settings/notifications

More information about the webkit-changes mailing list