[Webkit-unassigned] [Bug 250862] New: validateTexFuncData is getting passed the entire WASM ArrayBuffer instead of the texture buffer

bugzilla-daemon at webkit.org
Thu Jan 19 14:13:16 PST 2023


https://bugs.webkit.org/show_bug.cgi?id=250862

            Bug ID: 250862
           Summary: validateTexFuncData is getting passed the entire WASM
                    ArrayBuffer instead of the texture buffer
           Product: WebKit
           Version: Safari 16
          Hardware: Unspecified
                OS: Unspecified
            Status: NEW
          Severity: Major
          Priority: P2
         Component: WebGL
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: ruba.merza at unity3d.com
                CC: dino at apple.com, kbr at google.com, kkinnunen at apple.com

Created attachment 464566

  --> https://bugs.webkit.org/attachment.cgi?id=464566&action=review

Unity build that breaks on iOS 16.2

We've observed Unity WebGL applications crashing during loading in iOS 16. 

We did some investigating and found that in WebKit's WebGLRenderingContextBase::validateTexFuncData() function, the byteLength being returned is the WASM heap size and not the image size when using the WebGL2 srcOffset variant of glTexSubImage2D, which we believe is the cause of the memory issue that's then crashing the Unity application.

I'm attaching a project where we've set the Total Memory to 768 MB, and it immediately crashes on Safari in iOS 16.2, as well as a screenshot showing byteLength returning the size of the WASM array buffer.

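The distinction the report draws, as an added example (not code from WebKit, Unity, or the reporter): with the WebGL2 srcOffset overload the source view spans the whole heap, so its byteLength is the heap size, while the upload only reads the range computed here. Function names, the heap size and the offset are constructed, and default pixel-store state other than UNPACK_ALIGNMENT is assumed.

```javascript
// Added illustration; function names and sample values are hypothetical.

// Bytes a texSubImage2D(..., srcData, srcOffset) upload reads from srcData,
// assuming default pixel-store state apart from UNPACK_ALIGNMENT.
function requiredBytes(width, height, bytesPerPixel, unpackAlignment = 4) {
  if (width === 0 || height === 0) return 0;
  const rowBytes = width * bytesPerPixel;
  const stride = Math.ceil(rowBytes / unpackAlignment) * unpackAlignment;
  return stride * (height - 1) + rowBytes; // the last row carries no padding
}

// Byte range of the underlying ArrayBuffer that the upload actually covers.
// Throws if that range does not fit inside the view.
function texUploadRange(view, srcOffset, width, height, bytesPerPixel, unpackAlignment = 4) {
  if (!ArrayBuffer.isView(view)) throw new TypeError("srcData must be an ArrayBufferView");
  if (!Number.isInteger(srcOffset) || srcOffset < 0) throw new RangeError("invalid srcOffset");
  const elementSize = view.BYTES_PER_ELEMENT || 1; // srcOffset counts elements, not bytes
  const start = srcOffset * elementSize;
  const length = requiredBytes(width, height, bytesPerPixel, unpackAlignment);
  if (start + length > view.byteLength) {
    throw new RangeError("upload would read past the end of srcData");
  }
  return { start: view.byteOffset + start, length, viewByteLength: view.byteLength };
}

// Constructed stand-in for the WASM heap (16 MiB here, 768 MB in the report).
const heap = new Uint8Array(new ArrayBuffer(16 * 1024 * 1024));
const texturePtr = 4096; // constructed offset of a 64x64 RGBA8 image in the heap

const range = texUploadRange(heap, texturePtr, 64, 64, 4);
console.log(`view.byteLength = ${range.viewByteLength}`);
console.log(`bytes the upload needs = ${range.length} starting at ${range.start}`);
```

A consumer that sizes a copy or allocation from `viewByteLength` handles the whole heap per call, whereas one that uses `start` and `length` handles only the texel data.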