[webkit-changes] [WebKit/WebKit] 06f758: [WebGPU] Release assertion triggered when offset +...
mwyrzykowski
noreply at github.com
Mon Feb 10 20:02:36 PST 2025
Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: 06f75863a83f7072c92d04fde7daba7201894a73
https://github.com/WebKit/WebKit/commit/06f75863a83f7072c92d04fde7daba7201894a73
Author: Mike Wyrzykowski <mwyrzykowski at apple.com>
Date: 2025-02-10 (Mon, 10 Feb 2025)
Changed paths:
A LayoutTests/fast/webgpu/nocrash/fuzz-287418-expected.txt
A LayoutTests/fast/webgpu/nocrash/fuzz-287418.html
M Source/WebGPU/WebGPU/Buffer.mm
Log Message:
-----------
[WebGPU] Release assertion triggered when offset + size > bufferSize
https://bugs.webkit.org/show_bug.cgi?id=287418
rdar://144542281
Reviewed by Tadeu Zagallo.
We triggered a release assertion creating the span when the buffer offset
plus the size of the type exceeded the buffer's length.
Check for this and early return. It is an error for the website to do this,
but we don't want to crash the GPU process.
* LayoutTests/fast/webgpu/nocrash/fuzz-287418-expected.txt: Added.
* LayoutTests/fast/webgpu/nocrash/fuzz-287418.html: Added.
Add regression test.
* Source/WebGPU/WebGPU/Buffer.mm:
(WebGPU::Buffer::takeSlowIndirectIndexValidationPath):
Canonical link: https://commits.webkit.org/290195@main
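
An added example, not WebKit's code: an overflow-safe form of the check the log message describes, confirming that the offset plus the size of the type fits inside the buffer before reading, and returning early otherwise. The names `rangeFits`, `readAt` and `IndexedIndirectArgs`, and the sample buffer, are assumptions made for illustration.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstring>
#include <vector>

// Hypothetical stand-in for arguments read out of an indirect buffer.
struct IndexedIndirectArgs {
    uint32_t indexCount;
    uint32_t instanceCount;
    uint32_t firstIndex;
    int32_t baseVertex;
    uint32_t firstInstance;
};

// True only when [offset, offset + size) lies inside bufferSize bytes.
// Written as a subtraction so that offset + size can never wrap around.
bool rangeFits(uint64_t offset, uint64_t size, uint64_t bufferSize)
{
    return offset <= bufferSize && size <= bufferSize - offset;
}

// Copies a T from a caller-controlled offset. An out-of-range request
// returns false (the early return) and leaves `out` untouched.
template<typename T>
bool readAt(const uint8_t* data, size_t length, uint64_t offset, T& out)
{
    if (!data || !rangeFits(offset, sizeof(T), length))
        return false;
    std::memcpy(&out, data + static_cast<size_t>(offset), sizeof(T));
    return true;
}

// Constructed sample: 32-byte buffer holding 20 bytes of arguments at offset 12.
std::vector<uint8_t> makeSampleBuffer()
{
    std::vector<uint8_t> bytes(32, 0);
    IndexedIndirectArgs args { 6, 1, 0, 0, 0 };
    std::memcpy(bytes.data() + 12, &args, sizeof(args));
    return bytes;
}
```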