[Webkit-unassigned] [Bug 211942] [GTK][WPE] webgl/1.0.3/conformance/more/functions/copyTexImage2DBadArgs.html is crashing

bugzilla-daemon at webkit.org
Tue May 10 08:40:33 PDT 2022


https://bugs.webkit.org/show_bug.cgi?id=211942

--- Comment #3 from michal.kobylecki at youview.com ---
Hi,
do you plan to deliver a fix for this issue?
I've come across it when running WebGL 1.0.3 tests on WPE 2.34.7.
The analysis showed the reason is missing handling of an incorrect level value, which in the case of the copyTexImage2DBadArgs test is -1.
This further led to trying to access the vector element with index -1, and it ends up with a crash, of course.
I've worked out a potential fix (please see attached patch).
It seems like it worked like that in the past, but level value validation was removed at some point (see https://github.com/WebKit/WebKit/commit/96238bc353a16de3a120ebe925ecea631e97abd2#diff-559cea90f946de8eaeb87bb35e630916000e561eb725964fef24b902630b380fL4745).

Thank you in advance.

-- 
You are receiving this mail because:
You are the assignee for the bug.
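
The failure mode described in the comment above, as an added example that is not part of the original message, the attached patch, or WebKit's code: a per-mip-level vector indexed by a signed `level`, with the range check done before any indexing. `Texture2DModel`, `LevelInfo`, `GLError` and the method names are hypothetical, and the 4096 texture size limit used in the comments is an assumption.

```cpp
#include <cstddef>
#include <vector>

// Hypothetical model for illustration; these are not WebKit's types or names.
enum class GLError { NoError, InvalidValue };

struct LevelInfo {
    int width;
    int height;
    bool valid;
};

class Texture2DModel {
public:
    // Assumes maxTextureSize >= 1; a 4096 limit gives mip levels 0..12.
    explicit Texture2DModel(int maxTextureSize)
        : m_maxLevel(floorLog2(maxTextureSize))
        , m_levels(static_cast<std::size_t>(m_maxLevel) + 1) {}

    // Both bounds matter: an upper-bound-only test (level > m_maxLevel)
    // lets -1 through, and m_levels[-1] then reads outside the vector.
    bool isValidLevel(int level) const {
        return level >= 0 && level <= m_maxLevel;
    }

    // Models the bookkeeping for a copyTexImage2D-style call: a bad level
    // is rejected with INVALID_VALUE before the vector is touched.
    GLError setLevelInfo(int level, int width, int height) {
        if (!isValidLevel(level))
            return GLError::InvalidValue;
        m_levels[static_cast<std::size_t>(level)] = LevelInfo{width, height, true};
        return GLError::NoError;
    }

    // Returns nullptr instead of indexing with an unvalidated level.
    const LevelInfo* levelInfo(int level) const {
        if (!isValidLevel(level))
            return nullptr;
        return &m_levels[static_cast<std::size_t>(level)];
    }

private:
    static int floorLog2(int v) {
        int n = 0;
        while (v >>= 1)
            ++n;
        return n;
    }
    int m_maxLevel;
    std::vector<LevelInfo> m_levels;
};
```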