Changeset 287807 in webkit


Timestamp:
Jan 7, 2022, 8:09:48 PM (4 years ago)
Author:
Brent Fulgham
Message:

[Hardening] Improve multi draw offset validation
https://bugs.webkit.org/show_bug.cgi?id=234966
<rdar://problem/86814830>

Reviewed by Darin Adler.

Incorporate draw count into validation of the offset.

  • html/canvas/WebGLMultiDraw.cpp:

(WebCore::WebGLMultiDraw::validateOffset):

Location:
trunk/Source/WebCore
Files:
2 edited

  • trunk/Source/WebCore/ChangeLog

    r287805 r287807  
     12022-01-07  Brent Fulgham  <bfulgham@apple.com>
     2
     3        [Hardening] Improve multi draw offset validation
     4        https://bugs.webkit.org/show_bug.cgi?id=234966
     5        <rdar://problem/86814830>
     6
     7        Reviewed by Darin Adler.
     8
     9        Incorporate draw count into validation of the offset.
     10
     11        * html/canvas/WebGLMultiDraw.cpp:
     12        (WebCore::WebGLMultiDraw::validateOffset):
     13
    1142022-01-07  Myles C. Maxfield  <mmaxfield@apple.com>
    215
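Review bot: the ChangeLog entry lists only html/canvas/WebGLMultiDraw.cpp, and the changeset edits 2 files (this ChangeLog and that source file), so the tightened bound lands with no regression test. A test that calls the multi-draw entry points with an offset near the end of the list and a non-zero draw count, and expects INVALID_OPERATION, would pin the new behaviour. The entry would also benefit from one sentence on which case the old check let through, since "Incorporate draw count into validation of the offset" does not say what was reachable before.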
  • trunk/Source/WebCore/html/canvas/WebGLMultiDraw.cpp

    r271679 r287807  
    136136    }
    137137
    138     if (offset >= static_cast<GCGLuint>(size)) {
     138    if (offset >= static_cast<GCGLuint>(size - drawcount)) {
    139139        m_context->synthesizeGLError(GraphicsContextGL::INVALID_OPERATION, functionName, outOfBoundsDescription);
    140140        return false;
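Review bot: in the new comparison at line 138, `size - drawcount` is evaluated before the `static_cast<GCGLuint>`, so if `drawcount` is larger than `size` the difference is negative (or wraps, if both operands are unsigned) and the cast produces a very large bound that any `offset` passes. The visible context does not show a guard against `drawcount > size` ahead of this line; if there is none, add one, or write the check additively with overflow-checked arithmetic (offset plus drawcount compared against size) so that no subtraction can underflow. It is also worth confirming that `>=` is intended: if `offset` is the index of the first of `drawcount` entries, the condition rejects `offset == size - drawcount`, where the last entry read would be at index `size - 1`.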