[webkit-changes] [WebKit/WebKit] 20ad90: [WebGPU] beginOcclusionQuery validation is incorre...

mwyrzykowski noreply at github.com
Tue Feb 4 23:04:17 PST 2025


  Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: 20ad90c434666ab8d8d0f83ef0ecc9718e5cd131
      https://github.com/WebKit/WebKit/commit/20ad90c434666ab8d8d0f83ef0ecc9718e5cd131
  Author: Mike Wyrzykowski <mwyrzykowski at apple.com>
  Date:   2025-02-04 (Tue, 04 Feb 2025)

  Changed paths:
    A LayoutTests/fast/webgpu/nocrash/fuzz-286933-expected.txt
    A LayoutTests/fast/webgpu/nocrash/fuzz-286933.html
    M Source/WebGPU/WebGPU/RenderPassEncoder.mm

  Log Message:
  -----------
  [WebGPU] beginOcclusionQuery validation is incorrect for 'queryIndex < this.[[occlusion_query_set]].count.'
https://bugs.webkit.org/show_bug.cgi?id=286933#
rdar://144077088

Reviewed by Tadeu Zagallo.

Section 17.2.3 of the WebGPU specification https://www.w3.org/TR/webgpu/#render-pass-encoder-queries
says:

    queryIndex < this.[[occlusion_query_set]].count.

which was previously implemented as 'queryIndex * 8 < bufferSize'.

However, for a QuerySet with 0 elements, it has a buffer size of 1 since
Device::safeCreateBuffer is implemented as:

    [m_device newBufferWithLength:std::max<NSUInteger>(1, length) options:resourceOptions];

and when passing queryIndex=0 to beginOcclusionQuery, we note:

    0 * 8 < 1 -> true

however, as the query set has zero elements, that is incorrect. The new logic will test:

    0 < 1 / 8 => 0 < 0 -> false

as desired.

* LayoutTests/fast/webgpu/nocrash/fuzz-286933-expected.txt: Added.
* LayoutTests/fast/webgpu/nocrash/fuzz-286933.html: Added.
Add regression test.

* Source/WebGPU/WebGPU/RenderPassEncoder.mm:
(WebGPU::RenderPassEncoder::beginOcclusionQuery):

Canonical link: https://commits.webkit.org/289856@main
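
The following is an added example, not code from the commit or from RenderPassEncoder.mm: a small model that compares the previous and the new form of the bounds check against the specification rule for every query-set size up to a limit. The function names, the 8-byte slot constant and the assumption that the backing buffer is `count * 8` bytes before clamping are constructed for illustration; only the clamp to a minimum length of 1 and the two check expressions come from the log message.

```cpp
#include <algorithm>
#include <cstdint>
#include <cstdio>
#include <vector>

// Hypothetical model; names are not taken from the WebKit sources.
constexpr uint64_t kQuerySlotSize = 8; // bytes per query, from 'queryIndex * 8'

// Assumed sizing (count * 8), with the std::max(1, length) clamp quoted
// from Device::safeCreateBuffer in the log message.
uint64_t backingBufferSize(uint64_t queryCount)
{
    return std::max<uint64_t>(1, queryCount * kQuerySlotSize);
}

// Spec rule: queryIndex < this.[[occlusion_query_set]].count
bool specAllows(uint64_t index, uint64_t count) { return index < count; }

// Previous check: queryIndex * 8 < bufferSize
bool oldCheck(uint64_t index, uint64_t size) { return index * kQuerySlotSize < size; }

// New check: queryIndex < bufferSize / 8
bool newCheck(uint64_t index, uint64_t size) { return index < size / kQuerySlotSize; }

struct Mismatch { uint64_t count; uint64_t index; };

// Returns every (count, index) pair where `check` disagrees with the spec.
std::vector<Mismatch> findMismatches(bool (*check)(uint64_t, uint64_t), uint64_t maxCount)
{
    std::vector<Mismatch> out;
    for (uint64_t count = 0; count <= maxCount; ++count) {
        uint64_t size = backingBufferSize(count);
        // Probe one index past the end as well as every valid index.
        for (uint64_t index = 0; index <= count + 1; ++index) {
            if (check(index, size) != specAllows(index, count))
                out.push_back({ count, index });
        }
    }
    return out;
}

int main()
{
    for (const auto& m : findMismatches(oldCheck, 64))
        std::printf("old check accepts index %llu for count %llu\n",
            (unsigned long long)m.index, (unsigned long long)m.count);
    std::printf("new check mismatches: %zu\n", findMismatches(newCheck, 64).size());
    return 0;
}
```

Under these assumptions the only disagreement is the empty query set with index 0, which is the case the added regression test covers.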


