Changeset 207221 in webkit
- Timestamp:
- Oct 12, 2016 9:50:24 AM (8 years ago)
- Location:
- trunk/Source/WebCore
- Files:
-
- 2 edited
-
ChangeLog (modified) (1 diff)
-
html/canvas/WebGLRenderingContextBase.cpp (modified) (1 diff)
Legend:
- Unmodified
- Added
- Removed
-
trunk/Source/WebCore/ChangeLog
r207220 r207221 1 2016-10-12 Brent Fulgham <bfulgham@apple.com> 2 3 [WebGL] Revise vertex array attribute checks to account for lazy memory allocation. 4 https://bugs.webkit.org/show_bug.cgi?id=163149 5 <rdar://problem/28629774> 6 7 Reviewed by Dean Jackson. 8 9 Tested by fast/canvas/webgl/webgl-drawarrays-crash-2.html 10 11 * html/canvas/WebGLRenderingContextBase.cpp: 12 (WebCore::WebGLRenderingContextBase::validateVertexAttributes): 13 1 14 2016-10-12 Wenson Hsieh <wenson_hsieh@apple.com> 2 15 -
trunk/Source/WebCore/html/canvas/WebGLRenderingContextBase.cpp
r205405 r207221 1757 1757 return false; 1758 1758 1759 bool usingSimulatedArrayBuffer = m_currentProgram->isUsingVertexAttrib0(); 1760 1759 1761 // Guard against access into non-existent buffers. 1760 if (elementCount && !sawEnabledAttrib && ! m_currentProgram->isUsingVertexAttrib0())1762 if (elementCount && !sawEnabledAttrib && !usingSimulatedArrayBuffer) 1761 1763 return false; 1762 1764 1763 1765 if (elementCount && sawEnabledAttrib) { 1764 if (!m_boundArrayBuffer && !m_boundVertexArrayObject->getElementArrayBuffer()) 1766 if (!m_boundArrayBuffer && !m_boundVertexArrayObject->getElementArrayBuffer()) { 1767 if (usingSimulatedArrayBuffer) { 1768 auto& state = m_boundVertexArrayObject->getVertexAttribState(0); 1769 if (state.enabled && state.isBound()) { 1770 if (state.bufferBinding->getTarget() == GraphicsContext3D::ARRAY_BUFFER || state.bufferBinding->getTarget() == GraphicsContext3D::ELEMENT_ARRAY_BUFFER) 1771 return !!state.bufferBinding->byteLength(); 1772 } 1773 } 1765 1774 return false; 1775 } 1766 1776 } 1767 1777
Note: See TracChangeset
for help on using the changeset viewer.
