[webkit-changes] [WebKit/WebKit] 2d30b5: [WGSL] Type::size can still overflow
Tadeu Zagallo
noreply at github.com
Mon May 27 03:16:36 PDT 2024
Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: 2d30b56d45745db5beeae7129a46e6c1fb39e7a0
https://github.com/WebKit/WebKit/commit/2d30b56d45745db5beeae7129a46e6c1fb39e7a0
Author: Tadeu Zagallo <tzagallo at apple.com>
Date: 2024-05-27 (Mon, 27 May 2024)
Changed paths:
A LayoutTests/fast/webgpu/fuzz-128677742-expected.txt
A LayoutTests/fast/webgpu/fuzz-128677742.html
M Source/WebGPU/WGSL/Types.cpp
Log Message:
-----------
[WGSL] Type::size can still overflow
https://bugs.webkit.org/show_bug.cgi?id=274669
rdar://128677742
Reviewed by Mike Wyrzykowski.
In 279204 at main I added checks for overflow in Type::size, but I missed the case where
`array.element->size()` returns uint_max, and rounding it up to the alignment returns 0.
* LayoutTests/fast/webgpu/fuzz-128677742-expected.txt: Added.
* LayoutTests/fast/webgpu/fuzz-128677742.html: Added.
* Source/WebGPU/WGSL/Types.cpp:
(WGSL::Type::size const):
Canonical link: https://commits.webkit.org/279343@main
To unsubscribe from these emails, change your notification settings at https://github.com/WebKit/WebKit/settings/notifications
More information about the webkit-changes
mailing list