[webkit-changes] [WebKit/WebKit] fd71e6: [WGSL] Context should be a pointer into the vector...
Tadeu Zagallo
noreply at github.com
Fri Jan 26 08:15:29 PST 2024
Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: fd71e60136fe19a17c8cb10589afe14b6cdce089
https://github.com/WebKit/WebKit/commit/fd71e60136fe19a17c8cb10589afe14b6cdce089
Author: Tadeu Zagallo <tzagallo at apple.com>
Date: 2024-01-26 (Fri, 26 Jan 2024)
Changed paths:
M Source/WebGPU/WGSL/ContextProvider.h
M Source/WebGPU/WGSL/ContextProviderInlines.h
Log Message:
-----------
[WGSL] Context should be a pointer into the vector buffer
https://bugs.webkit.org/show_bug.cgi?id=268089
rdar://121447015

Reviewed by Mike Wyrzykowski.

Pointing into the buffer directly can lead to a UAF if the vector gets resized, so
we store a unique_ptr in the vector and use that instead.

* Source/WebGPU/WGSL/ContextProvider.h:
* Source/WebGPU/WGSL/ContextProviderInlines.h:
(WGSL::ContextProvider<Value>::ContextScope::ContextScope):

Canonical link: https://commits.webkit.org/273561@main
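
The lifetime issue described in the log message, as an added C++ example (not WebKit's code and not part of the commit). It assumes `std::vector` as a stand-in for the project's vector type; `Context`, `ContextProvider::push` and the two helper functions are hypothetical, simplified names.

```cpp
#include <cstdint>
#include <memory>
#include <string>
#include <unordered_map>
#include <vector>

// Simplified model (assumption, not WebKit's code): one Context per scope, linked to its parent.
struct Context {
    Context* parent = nullptr;
    std::unordered_map<std::string, int> bindings;
};

// "Before" layout: Contexts live inline in the vector buffer. Returns true when growth moved
// element 0, so a saved Context* would dangle. Addresses are compared as integers only.
bool inlineContextRelocates() {
    std::vector<Context> contexts(1);
    const auto before = reinterpret_cast<std::uintptr_t>(contexts.data());
    const auto capacity = contexts.capacity();
    while (contexts.capacity() == capacity)
        contexts.emplace_back();
    return reinterpret_cast<std::uintptr_t>(contexts.data()) != before;
}

// "After" layout: the vector owns unique_ptrs, so growth moves only the owning pointers.
struct ContextProvider {
    std::vector<std::unique_ptr<Context>> contexts;
    Context* push() {
        Context* parent = contexts.empty() ? nullptr : contexts.back().get();
        contexts.push_back(std::make_unique<Context>());
        contexts.back()->parent = parent;
        return contexts.back().get();
    }
};

// Nest `depth` scopes under a global one, then resolve "g" through the parent chain.
int resolveGlobalFromDepth(int depth) {
    ContextProvider provider;
    Context* innermost = provider.push();
    innermost->bindings["g"] = 42;
    for (int i = 0; i < depth; ++i)
        innermost = provider.push();
    for (const Context* c = innermost; c; c = c->parent) {
        auto it = c->bindings.find("g");
        if (it != c->bindings.end())
            return it->second;
    }
    return -1;
}

int main() { return inlineContextRelocates() && resolveGlobalFromDepth(1000) == 42 ? 0 : 1; }
```

Building this with AddressSanitizer and dereferencing a pointer saved from the inline layout after growth is how such a bug is typically surfaced in testing; the example compares addresses instead so it stays well-defined.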