[webkit-changes] [WebKit/WebKit] 543bc8: [WGSL] Type::size can overflow
Tadeu Zagallo
noreply at github.com
Thu May 23 08:33:08 PDT 2024
Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: 543bc8506d61350573b54b6bdd0667e0322d2dfc
https://github.com/WebKit/WebKit/commit/543bc8506d61350573b54b6bdd0667e0322d2dfc
Author: Tadeu Zagallo <tzagallo at apple.com>
Date: 2024-05-23 (Thu, 23 May 2024)
Changed paths:
A LayoutTests/fast/webgpu/fuzz-128381161-expected.txt
A LayoutTests/fast/webgpu/fuzz-128381161.html
M Source/WebGPU/WGSL/AttributeValidator.cpp
M Source/WebGPU/WGSL/Parser.cpp
M Source/WebGPU/WGSL/Types.cpp
A Source/WebGPU/WGSL/tests/invalid/struct-parse.wgsl
Log Message:
-----------
[WGSL] Type::size can overflow
https://bugs.webkit.org/show_bug.cgi?id=274395
rdar://128381161
Reviewed by Mike Wyrzykowski.
We use 32-bit values to represent the byte size of types, and that can overflow when
computing the size of structs or arrays. That is not a problem in practice, as the
size of buffers is limited by the API, so we just clamp the numbers to uint_max.
* LayoutTests/fast/webgpu/fuzz-128381161-expected.txt: Added.
* LayoutTests/fast/webgpu/fuzz-128381161.html: Added.
* Source/WebGPU/WGSL/AttributeValidator.cpp:
(WGSL::AttributeValidator::visit):
* Source/WebGPU/WGSL/Parser.cpp:
(WGSL::Parser<Lexer>::parseStructure):
* Source/WebGPU/WGSL/Types.cpp:
(WGSL::Type::size const):
* Source/WebGPU/WGSL/tests/invalid/struct-parse.wgsl: Added.
Canonical link: https://commits.webkit.org/279204@main
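
The clamping described in the log message, sketched as an added example (not WebKit's code and not taken from this commit): a 32-bit size that wraps makes an oversized type look small, while a clamped size stays at the maximum. All names here (`kMaxSize`, `clampTo32`, `arraySizeWrapping`, `arraySizeClamped`, `structSizeClamped`, `Member`) are hypothetical, and the struct layout rule used is a simplified align-then-append assumption.

```cpp
#include <cstdint>
#include <limits>
#include <vector>

// Hypothetical names throughout; this is not WebKit's Type::size.
constexpr uint32_t kMaxSize = std::numeric_limits<uint32_t>::max();

// Plain 32-bit multiply: wraps modulo 2^32, so a huge array can report a tiny size.
uint32_t arraySizeWrapping(uint32_t stride, uint32_t count)
{
    return stride * count;
}

// Clamp a 64-bit intermediate result to the 32-bit maximum.
uint32_t clampTo32(uint64_t value)
{
    return value > kMaxSize ? kMaxSize : static_cast<uint32_t>(value);
}

// Same computation carried out in 64 bits and clamped instead of wrapped.
uint32_t arraySizeClamped(uint32_t stride, uint32_t count)
{
    return clampTo32(static_cast<uint64_t>(stride) * count);
}

struct Member {
    uint32_t size;
    uint32_t alignment; // assumed to be a power of two
};

// Simplified struct layout (assumption): each member starts at the next multiple
// of its alignment and the total is rounded up to the largest alignment.
// The running offset is clamped after every step, so once it saturates it stays saturated.
uint32_t structSizeClamped(const std::vector<Member>& members)
{
    uint64_t offset = 0;
    uint64_t maxAlignment = 1;
    for (const Member& m : members) {
        uint64_t mask = static_cast<uint64_t>(m.alignment) - 1;
        offset = (offset + mask) & ~mask;
        offset = clampTo32(offset + m.size);
        if (m.alignment > maxAlignment)
            maxAlignment = m.alignment;
    }
    return clampTo32((offset + maxAlignment - 1) & ~(maxAlignment - 1));
}
```
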