[webkit-changes] [WebKit/WebKit] bdc472: [WebGPU] out of bounds access in drawIndirect call
mwyrzykowski
noreply at github.com
Wed Jun 5 01:15:38 PDT 2024
Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: bdc472fd3321132aaedd43a89572dfc21722697c
https://github.com/WebKit/WebKit/commit/bdc472fd3321132aaedd43a89572dfc21722697c
Author: Mike Wyrzykowski <mwyrzykowski at apple.com>
Date: 2024-06-05 (Wed, 05 Jun 2024)
Changed paths:
A LayoutTests/fast/webgpu/regression/repro_274994-expected.txt
A LayoutTests/fast/webgpu/regression/repro_274994.html
A LayoutTests/fast/webgpu/regression/repro_274994b-expected.txt
A LayoutTests/fast/webgpu/regression/repro_274994b.html
M Source/WebGPU/WebGPU/BindableResource.h
M Source/WebGPU/WebGPU/Buffer.h
M Source/WebGPU/WebGPU/Buffer.mm
M Source/WebGPU/WebGPU/Device.mm
M Source/WebGPU/WebGPU/RenderBundleEncoder.h
M Source/WebGPU/WebGPU/RenderBundleEncoder.mm
M Source/WebGPU/WebGPU/RenderPassEncoder.h
M Source/WebGPU/WebGPU/RenderPassEncoder.mm
Log Message:
-----------
[WebGPU] out of bounds access in drawIndirect call
https://bugs.webkit.org/show_bug.cgi?id=274994
<radar://129061487>
Reviewed by Dan Glastonbury.
Instance counts were not being validated in indirect calls, leading to out of
bounds buffer accesses.
* LayoutTests/fast/webgpu/regression/repro_274994-expected.txt: Added.
* LayoutTests/fast/webgpu/regression/repro_274994.html: Added.
* LayoutTests/fast/webgpu/regression/repro_274994b-expected.txt: Added.
* LayoutTests/fast/webgpu/regression/repro_274994b.html: Added.
Add regression tests.
* Source/WebGPU/WebGPU/BindableResource.h:
* Source/WebGPU/WebGPU/Buffer.h:
* Source/WebGPU/WebGPU/Buffer.mm:
(WebGPU::Buffer::indirectBufferRequiresRecomputation const):
(WebGPU::Buffer::indirectBufferRecomputed):
(WebGPU::Buffer::indirectBufferInvalidated):
* Source/WebGPU/WebGPU/Device.mm:
(WebGPU::Device::copyIndexIndirectArgsPipeline):
* Source/WebGPU/WebGPU/RenderBundleEncoder.h:
* Source/WebGPU/WebGPU/RenderBundleEncoder.mm:
(WebGPU::RenderBundleEncoder::computeMininumVertexInstanceCount const):
(WebGPU::RenderBundleEncoder::storeVertexBufferCountsForValidation):
(WebGPU::RenderBundleEncoder::drawIndexedIndirect):
(WebGPU::RenderBundleEncoder::drawIndirect):
(WebGPU::RenderBundleEncoder::computeMininumVertexCount const): Deleted.
* Source/WebGPU/WebGPU/RenderPassEncoder.h:
* Source/WebGPU/WebGPU/RenderPassEncoder.mm:
(WebGPU::RenderPassEncoder::computeMininumVertexInstanceCount const):
(WebGPU::RenderPassEncoder::clampIndexBufferToValidValues):
(WebGPU::RenderPassEncoder::clampIndirectIndexBufferToValidValues):
(WebGPU::RenderPassEncoder::clampIndirectBufferToValidValues):
(WebGPU::RenderPassEncoder::drawIndexedIndirect):
(WebGPU::RenderPassEncoder::drawIndirect):
(WebGPU::RenderPassEncoder::executeBundles):
(WebGPU::RenderPassEncoder::computeMininumVertexCount const): Deleted.
Canonical link: https://commits.webkit.org/279730@main
To unsubscribe from these emails, change your notification settings at https://github.com/WebKit/WebKit/settings/notifications
More information about the webkit-changes
mailing list