[webkit-changes] [WebKit/WebKit] 760570: [WebGPU] GPUDevice bindGroup cache does not handle...
mwyrzykowski
noreply at github.com
Thu Jan 23 15:31:55 PST 2025
Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: 7605701f47be57dda96ead432207538a743d2302
https://github.com/WebKit/WebKit/commit/7605701f47be57dda96ead432207538a743d2302
Author: Mike Wyrzykowski <mwyrzykowski at apple.com>
Date: 2025-01-23 (Thu, 23 Jan 2025)
Changed paths:
A LayoutTests/fast/webgpu/nocrash/fuzz-286407-expected.txt
A LayoutTests/fast/webgpu/nocrash/fuzz-286407.html
M Source/WebCore/Modules/WebGPU/GPUBindGroupEntry.h
Log Message:
-----------
[WebGPU] GPUDevice bindGroup cache does not handle buffers with different offsets
https://bugs.webkit.org/show_bug.cgi?id=286407
rdar://143114463
Reviewed by Cameron McCormack.
The GPUDevice GPUBindGroup cache incorrectly reused bind groups with
the same buffer but different offsets and sizes. Reuse should only be
applied to identical offsets and sizes otherwise and OOB read may occur.
* LayoutTests/fast/webgpu/nocrash/fuzz-286407-expected.txt: Added.
* LayoutTests/fast/webgpu/nocrash/fuzz-286407.html: Added.
Add regression test.
* Source/WebCore/Modules/WebGPU/GPUBindGroupEntry.h:
(WebCore::GPUBindGroupEntry::equalSizes):
(WebCore::GPUBindGroupEntry::equal):
Unlike GPUTexture, GPUSampler, and GPUExternalTextures, GPUBuffers
may specificy an offset into the buffer.
Canonical link: https://commits.webkit.org/289317@main
To unsubscribe from these emails, change your notification settings at https://github.com/WebKit/WebKit/settings/notifications
More information about the webkit-changes
mailing list