[Webkit-unassigned] [Bug 249633] WebGLRenderingContextBase::copyTexImage2D does not handle "GCGLint level" parameter

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Thu Dec 22 00:49:29 PST 2022


https://bugs.webkit.org/show_bug.cgi?id=249633

--- Comment #6 from byao <bing.yao at commscope.com> ---
We are really using an older version of WebKit, but I also checked the latest version of WebKit, and it has the same code, which I pasted below.

void WebGLRenderingContextBase::copyTexImage2D(GCGLenum target, GCGLint level, GCGLenum internalFormat, GCGLint x, GCGLint y, GCGLsizei width, GCGLsizei height, GCGLint border)
{
...
// FIXME: if the framebuffer is not complete, none of the below should be executed.
    tex->setLevelInfo(target, level, internalFormat, width, height, GraphicsContextGL::UNSIGNED_BYTE);
...
}
void WebGLTexture::setLevelInfo(GCGLenum target, GCGLint level, GCGLenum internalFormat, GCGLsizei width, GCGLsizei height, GCGLenum type)
{
...
    m_info[index][level].setInfo(internalFormat, width, height, type);
...
}
It possibly uses a negative level as the array index, which then causes the crash.
Hopefully it is helpful to you!
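
An added example, not part of the original comment and not WebKit code: a minimal C++ model of a table indexed as m_info[index][level], showing where an unchecked negative level would land and a setter that rejects it before indexing. All names, the 16-level table size and the error-code mapping are assumptions made for illustration.

```cpp
// Added illustration, not WebKit source; all names and sizes are hypothetical.
#include <array>
#include <cstddef>
#include <cstdint>

constexpr int kFaces = 6;      // cube map faces; a 2D texture uses face 0
constexpr int kMaxLevels = 16; // assumed size of the per-face level table
constexpr uint32_t kTexture2D = 0x0DE1, kCubeMapPositiveX = 0x8515, kCubeMapNegativeZ = 0x851A;
constexpr uint32_t kNoError = 0, kInvalidEnum = 0x0500, kInvalidValue = 0x0501;

struct LevelInfo { bool valid; uint32_t internalFormat; int width; int height; };

// Element offset an unchecked m_info[face][level] would use, counted from the
// start of the table. A negative result is memory in front of the array.
std::ptrdiff_t uncheckedElementOffset(int face, int level)
{
    return static_cast<std::ptrdiff_t>(face) * kMaxLevels + level;
}

// Maps a texture target to its face index, or -1 for an unknown target.
int faceIndexForTarget(uint32_t target)
{
    if (target == kTexture2D)
        return 0;
    if (target >= kCubeMapPositiveX && target <= kCubeMapNegativeZ)
        return static_cast<int>(target - kCubeMapPositiveX);
    return -1;
}

class TextureLevels {
public:
    // Validates both signed indices before either is used as a subscript.
    uint32_t setLevelInfo(uint32_t target, int level, uint32_t internalFormat, int width, int height)
    {
        int face = faceIndexForTarget(target);
        if (face < 0)
            return kInvalidEnum;
        if (level < 0 || level >= kMaxLevels || width < 0 || height < 0)
            return kInvalidValue;
        m_info[face][level] = LevelInfo { true, internalFormat, width, height };
        return kNoError;
    }
    bool hasLevel(int face, int level) const
    {
        return face >= 0 && face < kFaces && level >= 0 && level < kMaxLevels && m_info[face][level].valid;
    }
private:
    std::array<std::array<LevelInfo, kMaxLevels>, kFaces> m_info {};
};
```

The level is kept as a signed int up to the range check, so a negative value is rejected instead of being converted to a large unsigned index.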
