[Webkit-unassigned] [Bug 112354] New: [BlackBerry] Resolves 3 WebGL conformance suite crashes.

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Thu Mar 14 08:42:14 PDT 2013


https://bugs.webkit.org/show_bug.cgi?id=112354

           Summary: [BlackBerry] Resolves 3 WebGL conformance suite
                    crashes.
           Product: WebKit
           Version: 528+ (Nightly build)
          Platform: Other
        OS/Version: Other
            Status: UNCONFIRMED
          Severity: Normal
          Priority: P2
         Component: WebGL
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: jfeldstein at rim.com


Resolves 3 WebGL conformance suite crashes, namely:
- oes-texture-float-with-canvas
- oes-texture-float-with-image
- oes-texture-float-with-video

This bug occurs as a result of trying to create a texture with
texImage2D with either a provided floating point canvas, image,
or video. The issue occurs because a vector used to store this
texture is resized to width * height * 4 which is large enough
for non-floating point images, but is not large enough for
floating ones. ie. an RGBA floating point image is of size:
width * height * 4 * sizeof(float). As a result of having a
vector that is too small to hold the image contents, we end up
writing beyond the end of the vector which results in a variety
of different crashes depending on where in memory we end up
writing to. Additionally, needless amount of space are
allocated for smaller images. ie. an RGB image of unsigned
bytes only requires width * height * 3 bytes of space. This
commit also makes sure that the vector is resized to the exact
size that is needed to fit the provided image.

-- 
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.



More information about the webkit-unassigned mailing list