[webkit-changes] [WebKit/WebKit] e6d5e1: [WebGPU] Index buffer can read outside the range o...

mwyrzykowski noreply at github.com
Wed May 22 22:47:56 PDT 2024 

  Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: e6d5e1a6604e5aa2b7786e3f40859274b6353c90
      https://github.com/WebKit/WebKit/commit/e6d5e1a6604e5aa2b7786e3f40859274b6353c90
  Author: Mike Wyrzykowski <mwyrzykowski at apple.com>
  Date:   2024-05-22 (Wed, 22 May 2024)

  Changed paths:
    M Source/WebGPU/WebGPU/BindableResource.h
    M Source/WebGPU/WebGPU/Buffer.h
    M Source/WebGPU/WebGPU/Buffer.mm
    M Source/WebGPU/WebGPU/CommandEncoder.h
    M Source/WebGPU/WebGPU/CommandEncoder.mm
    M Source/WebGPU/WebGPU/ComputePassEncoder.mm
    M Source/WebGPU/WebGPU/Device.h
    M Source/WebGPU/WebGPU/Device.mm
    M Source/WebGPU/WebGPU/Pipeline.mm
    M Source/WebGPU/WebGPU/RenderBundleEncoder.h
    M Source/WebGPU/WebGPU/RenderBundleEncoder.mm
    M Source/WebGPU/WebGPU/RenderPassEncoder.h
    M Source/WebGPU/WebGPU/RenderPassEncoder.mm

  Log Message:
  -----------
  [WebGPU] Index buffer can read outside the range of a vertex buffer
https://bugs.webkit.org/show_bug.cgi?id=273828
<radar://127672770>

Reviewed by Tadeu Zagallo.

Prevent out of bounds accesses into vertex buffers via drawIndexed,
drawIndirect, and drawIndexedIndirect by running a non-rasterizing
vertex shader immedietly before the draw call.

ICB path rewrites the ICB render commands to avoid out of bounds
accesses.

* Source/WebGPU/WebGPU/BindableResource.h:
* Source/WebGPU/WebGPU/Buffer.h:
* Source/WebGPU/WebGPU/Buffer.mm:
(WebGPU::Buffer::Buffer):
(WebGPU::Buffer::maxIndex const):
(WebGPU::Buffer::indirectBuffer const):
(WebGPU::Buffer::indirectIndexedBuffer const):
(WebGPU::Buffer::indirectBufferRequiresRecomputation const):
(WebGPU::Buffer::indirectBufferRecomputed):
(WebGPU::Buffer::indirectBufferInvalidated):
(WebGPU::Buffer::recomputeMaxIndexValues const): Deleted.
* Source/WebGPU/WebGPU/CommandEncoder.h:
* Source/WebGPU/WebGPU/CommandEncoder.mm:
(WebGPU::CommandEncoder::copyBufferToBuffer):
(WebGPU::CommandEncoder::copyTextureToBuffer):
(WebGPU::CommandEncoder::clearBuffer):
* Source/WebGPU/WebGPU/ComputePassEncoder.mm:
(WebGPU::addResourceToActiveResources):
(WebGPU::ComputePassEncoder::runPredispatchIndirectCallValidation):
(WebGPU::setCommandEncoder):
* Source/WebGPU/WebGPU/Device.h:
* Source/WebGPU/WebGPU/Device.mm:
(WebGPU::GPUFrameCapture::captureFrame):
(WebGPU::Device::dispatchCallBuffer):
(WebGPU::Device::dispatchCallPipelineState):
(WebGPU::Device::copyIndexIndirectArgsPipeline):
(wgpuDeviceReference): Deleted.
(wgpuDeviceRelease): Deleted.
(wgpuDeviceCreateBindGroup): Deleted.
(wgpuDeviceCreateBindGroupLayout): Deleted.
(wgpuDeviceCreateBuffer): Deleted.
(wgpuDeviceCreateCommandEncoder): Deleted.
(wgpuDeviceCreateComputePipeline): Deleted.
(wgpuDeviceCreateComputePipelineAsync): Deleted.
(wgpuDeviceCreateComputePipelineAsyncWithBlock): Deleted.
(wgpuDeviceCreatePipelineLayout): Deleted.
(wgpuDeviceCreateQuerySet): Deleted.
(wgpuDeviceCreateRenderBundleEncoder): Deleted.
(wgpuDeviceCreateRenderPipeline): Deleted.
(wgpuDeviceCreateRenderPipelineAsync): Deleted.
(wgpuDeviceCreateRenderPipelineAsyncWithBlock): Deleted.
(wgpuDeviceCreateSampler): Deleted.
(wgpuDeviceImportExternalTexture): Deleted.
(wgpuDeviceCreateShaderModule): Deleted.
(wgpuDeviceCreateSwapChain): Deleted.
(wgpuDeviceCreateTexture): Deleted.
(wgpuDeviceDestroy): Deleted.
(wgpuDeviceEnumerateFeatures): Deleted.
(wgpuDeviceGetLimits): Deleted.
(wgpuDeviceGetQueue): Deleted.
(wgpuDeviceHasFeature): Deleted.
(wgpuDevicePopErrorScope): Deleted.
(wgpuDevicePopErrorScopeWithBlock): Deleted.
(wgpuDevicePushErrorScope): Deleted.
(wgpuDeviceSetDeviceLostCallback): Deleted.
(wgpuDeviceSetDeviceLostCallbackWithBlock): Deleted.
(wgpuDeviceSetUncapturedErrorCallback): Deleted.
(wgpuDeviceSetUncapturedErrorCallbackWithBlock): Deleted.
(wgpuDeviceSetLabel): Deleted.
* Source/WebGPU/WebGPU/Pipeline.mm:
(WebGPU::validateBindGroup):
* Source/WebGPU/WebGPU/RenderBundleEncoder.h:
* Source/WebGPU/WebGPU/RenderBundleEncoder.mm:
(-[RenderBundleICBWithResources initWithICB:containerBuffer:pipelineState:depthStencilState:cullMode:frontFace:depthClipMode:depthBias:depthBiasSlopeScale:depthBiasClamp:fragmentDynamicOffsetsBuffer:pipeline:]):
(-[RenderBundleICBWithResources minVertexCountForDrawCommand]):
(WebGPU::makeRenderBundleICBWithResources):
(WebGPU::RenderBundleEncoder::addResource):
(WebGPU::RenderBundleEncoder::computeMininumVertexCount const):
(WebGPU::RenderBundleEncoder::storeVertexBufferCountsForValidation):
(WebGPU::RenderBundleEncoder::drawIndexed):
(WebGPU::RenderBundleEncoder::drawIndexedIndirect):
(WebGPU::RenderBundleEncoder::drawIndirect):
(WebGPU::RenderBundleEncoder::endCurrentICB):
(WebGPU::RenderBundleEncoder::setIndexBuffer):
(WebGPU::RenderBundleEncoder::setVertexBuffer):
(-[RenderBundleICBWithResources initWithICB:pipelineState:depthStencilState:cullMode:frontFace:depthClipMode:depthBias:depthBiasSlopeScale:depthBiasClamp:fragmentDynamicOffsetsBuffer:pipeline:]): Deleted.
* Source/WebGPU/WebGPU/RenderPassEncoder.h:
* Source/WebGPU/WebGPU/RenderPassEncoder.mm:
(WebGPU::m_maxDrawCount):
(WebGPU::RenderPassEncoder::addResourceToActiveResources):
(WebGPU::RenderPassEncoder::computeMininumVertexCount const):
(WebGPU::RenderPassEncoder::clampIndexBufferToValidValues):
(WebGPU::RenderPassEncoder::clampIndirectIndexBufferToValidValues):
(WebGPU::RenderPassEncoder::clampIndirectBufferToValidValues):
(WebGPU::RenderPassEncoder::drawIndexed):
(WebGPU::RenderPassEncoder::drawIndexedIndirect):
(WebGPU::RenderPassEncoder::drawIndirect):
(WebGPU::RenderPassEncoder::setCommandEncoder):
(WebGPU::RenderPassEncoder::executeBundles):

Canonical link: https://commits.webkit.org/279182@main



To unsubscribe from these emails, change your notification settings at https://github.com/WebKit/WebKit/settings/notifications

More information about the webkit-changes mailing list