Diff
Modified: trunk/LayoutTests/ChangeLog (116220 => 116221)
--- trunk/LayoutTests/ChangeLog 2012-05-05 12:24:28 UTC (rev 116220)
+++ trunk/LayoutTests/ChangeLog 2012-05-05 14:51:39 UTC (rev 116221)
@@ -1,3 +1,13 @@
+2012-05-05 Zhenyao Mo <z...@google.com>
+
+ vertexAttribPointer needs to reject large negative offsets
+ https://bugs.webkit.org/show_bug.cgi?id=85117
+
+ Reviewed by Kenneth Russell.
+
+ * fast/canvas/webgl/index-validation-expected.txt:
+ * fast/canvas/webgl/index-validation.html: Add a test case for large negative offset.
+
2012-05-05 'Pavel Feldman' <pfeld...@chromium.org>
Not reviewed: follow up to r116216, fixing the inspector test.
Modified: trunk/LayoutTests/fast/canvas/webgl/index-validation-expected.txt (116220 => 116221)
--- trunk/LayoutTests/fast/canvas/webgl/index-validation-expected.txt 2012-05-05 12:24:28 UTC (rev 116220)
+++ trunk/LayoutTests/fast/canvas/webgl/index-validation-expected.txt 2012-05-05 14:51:39 UTC (rev 116221)
@@ -4,27 +4,29 @@
Testing with valid indices
PASS gl.checkFramebufferStatus(gl.FRAMEBUFFER) is gl.FRAMEBUFFER_COMPLETE
-PASS gl.getError() is 0
+PASS getError was expected value: NO_ERROR :
PASS gl.drawElements(gl.TRIANGLES, 3, gl.UNSIGNED_SHORT, 0) is undefined.
-PASS gl.getError() is 0
+PASS getError was expected value: NO_ERROR :
Testing with out-of-range indices
Enable vertices, valid
-PASS gl.getError() is 0
+PASS getError was expected value: NO_ERROR :
PASS gl.drawElements(gl.TRIANGLES, 3, gl.UNSIGNED_SHORT, 0) is undefined.
-PASS gl.getError() is 0
+PASS getError was expected value: NO_ERROR :
Enable normals, out-of-range
-PASS gl.getError() is 0
+PASS getError was expected value: NO_ERROR :
PASS gl.drawElements(gl.TRIANGLES, 3, gl.UNSIGNED_SHORT, 0) is undefined.
-PASS gl.getError() is gl.INVALID_OPERATION
+PASS getError was expected value: INVALID_OPERATION :
Test with enabled attribute that does not belong to current program
Enable an extra attribute with null
-PASS gl.getError() is 0
+PASS getError was expected value: NO_ERROR :
PASS gl.drawElements(gl.TRIANGLES, 3, gl.UNSIGNED_SHORT, 0) is undefined.
-PASS gl.getError() is gl.INVALID_OPERATION
+PASS getError was expected value: INVALID_OPERATION :
Enable an extra attribute with insufficient data buffer
-PASS gl.getError() is 0
+PASS getError was expected value: NO_ERROR :
PASS gl.drawElements(gl.TRIANGLES, 3, gl.UNSIGNED_SHORT, 0) is undefined.
-PASS gl.getError() is 0
+Pass large negative index to vertexAttribPointer
+PASS getError was expected value: INVALID_VALUE :
+PASS gl.drawElements(gl.TRIANGLES, 3, gl.UNSIGNED_SHORT, 0) is undefined.
PASS successfullyParsed is true
TEST COMPLETE
Modified: trunk/LayoutTests/fast/canvas/webgl/index-validation.html (116220 => 116221)
--- trunk/LayoutTests/fast/canvas/webgl/index-validation.html 2012-05-05 12:24:28 UTC (rev 116220)
+++ trunk/LayoutTests/fast/canvas/webgl/index-validation.html 2012-05-05 14:51:39 UTC (rev 116221)
@@ -1,5 +1,8 @@
+<!DOCTYPE html>
<html>
<head>
+<meta charset="utf-8">
+<link rel="stylesheet" href=""
<script src=""
<script src=""
</head>
@@ -60,9 +63,9 @@
gl.vertexAttribPointer(normalLoc, 3, gl.FLOAT, false, 7 * sizeInBytes(gl.FLOAT), 4 * sizeInBytes(gl.FLOAT));
gl.enableVertexAttribArray(normalLoc);
shouldBe('gl.checkFramebufferStatus(gl.FRAMEBUFFER)', 'gl.FRAMEBUFFER_COMPLETE');
-shouldBe('gl.getError()', '0');
+glErrorShouldBe(gl, gl.NO_ERROR);
shouldBeUndefined('gl.drawElements(gl.TRIANGLES, 3, gl.UNSIGNED_SHORT, 0)');
-shouldBe('gl.getError()', '0');
+glErrorShouldBe(gl, gl.NO_ERROR);
debug("Testing with out-of-range indices");
@@ -73,15 +76,15 @@
gl.enableVertexAttribArray(vertexLoc);
gl.disableVertexAttribArray(normalLoc);
debug("Enable vertices, valid");
-shouldBe('gl.getError()', '0');
+glErrorShouldBe(gl, gl.NO_ERROR);
shouldBeUndefined('gl.drawElements(gl.TRIANGLES, 3, gl.UNSIGNED_SHORT, 0)');
-shouldBe('gl.getError()', '0');
+glErrorShouldBe(gl, gl.NO_ERROR);
debug("Enable normals, out-of-range");
gl.vertexAttribPointer(normalLoc, 3, gl.FLOAT, false, 7 * sizeInBytes(gl.FLOAT), 4 * sizeInBytes(gl.FLOAT));
gl.enableVertexAttribArray(normalLoc);
-shouldBe('gl.getError()', '0');
+glErrorShouldBe(gl, gl.NO_ERROR);
shouldBeUndefined('gl.drawElements(gl.TRIANGLES, 3, gl.UNSIGNED_SHORT, 0)');
-shouldBe('gl.getError()', 'gl.INVALID_OPERATION');
+glErrorShouldBe(gl, gl.INVALID_OPERATION);
debug("Test with enabled attribute that does not belong to current program");
@@ -89,14 +92,19 @@
var extraLoc = Math.max(vertexLoc, normalLoc) + 1;
gl.enableVertexAttribArray(extraLoc);
debug("Enable an extra attribute with null");
-shouldBe('gl.getError()', '0');
+glErrorShouldBe(gl, gl.NO_ERROR);
shouldBeUndefined('gl.drawElements(gl.TRIANGLES, 3, gl.UNSIGNED_SHORT, 0)');
-shouldBe('gl.getError()', 'gl.INVALID_OPERATION');
+glErrorShouldBe(gl, gl.INVALID_OPERATION);
debug("Enable an extra attribute with insufficient data buffer");
gl.vertexAttribPointer(extraLoc, 3, gl.FLOAT, false, 7 * sizeInBytes(gl.FLOAT), 4 * sizeInBytes(gl.FLOAT));
-shouldBe('gl.getError()', '0');
+glErrorShouldBe(gl, gl.NO_ERROR);
shouldBeUndefined('gl.drawElements(gl.TRIANGLES, 3, gl.UNSIGNED_SHORT, 0)');
-shouldBe('gl.getError()', '0');
+debug("Pass large negative index to vertexAttribPointer");
+gl.vertexAttribPointer(normalLoc, 3, gl.FLOAT, false, 7 * sizeInBytes(gl.FLOAT), -2000000000 * sizeInBytes(gl.FLOAT));
+glErrorShouldBe(gl, gl.INVALID_VALUE);
+shouldBeUndefined('gl.drawElements(gl.TRIANGLES, 3, gl.UNSIGNED_SHORT, 0)');
+
+successfullyParsed = true;
</script>
<script src=""
Modified: trunk/Source/WebCore/ChangeLog (116220 => 116221)
--- trunk/Source/WebCore/ChangeLog 2012-05-05 12:24:28 UTC (rev 116220)
+++ trunk/Source/WebCore/ChangeLog 2012-05-05 14:51:39 UTC (rev 116221)
@@ -1,3 +1,21 @@
+2012-05-05 Zhenyao Mo <z...@google.com>
+
+ vertexAttribPointer needs to reject large negative offsets
+ https://bugs.webkit.org/show_bug.cgi?id=85117
+
+ Reviewed by Kenneth Russell.
+
+ * html/canvas/WebGLRenderingContext.cpp: Use long long for GLsizeiptr and GLintptr
+ (WebCore):
+ (WebCore::WebGLRenderingContext::bufferData):
+ (WebCore::WebGLRenderingContext::bufferSubData):
+ (WebCore::WebGLRenderingContext::drawElements):
+ (WebCore::WebGLRenderingContext::getVertexAttribOffset):
+ (WebCore::WebGLRenderingContext::vertexAttribPointer):
+ * html/canvas/WebGLRenderingContext.h: Ditto
+ (WebGLRenderingContext):
+ * html/canvas/WebGLRenderingContext.idl: Ditto
+
2012-05-05 Andrey Kosyakov <ca...@chromium.org>
Web Inspector: add separate timeline overview item for the frame mode
Modified: trunk/Source/WebCore/html/canvas/WebGLRenderingContext.cpp (116220 => 116221)
--- trunk/Source/WebCore/html/canvas/WebGLRenderingContext.cpp 2012-05-05 12:24:28 UTC (rev 116220)
+++ trunk/Source/WebCore/html/canvas/WebGLRenderingContext.cpp 2012-05-05 14:51:39 UTC (rev 116221)
@@ -1036,7 +1036,7 @@
cleanupAfterGraphicsCall(false);
}
-void WebGLRenderingContext::bufferData(GC3Denum target, GC3Dsizeiptr size, GC3Denum usage, ExceptionCode& ec)
+void WebGLRenderingContext::bufferData(GC3Denum target, long long size, GC3Denum usage, ExceptionCode& ec)
{
UNUSED_PARAM(ec);
if (isContextLost())
@@ -1105,7 +1105,7 @@
cleanupAfterGraphicsCall(false);
}
-void WebGLRenderingContext::bufferSubData(GC3Denum target, GC3Dintptr offset, ArrayBuffer* data, ExceptionCode& ec)
+void WebGLRenderingContext::bufferSubData(GC3Denum target, long long offset, ArrayBuffer* data, ExceptionCode& ec)
{
UNUSED_PARAM(ec);
if (isContextLost())
@@ -1130,7 +1130,7 @@
cleanupAfterGraphicsCall(false);
}
-void WebGLRenderingContext::bufferSubData(GC3Denum target, GC3Dintptr offset, ArrayBufferView* data, ExceptionCode& ec)
+void WebGLRenderingContext::bufferSubData(GC3Denum target, long long offset, ArrayBufferView* data, ExceptionCode& ec)
{
UNUSED_PARAM(ec);
if (isContextLost())
@@ -1898,7 +1898,7 @@
cleanupAfterGraphicsCall(true);
}
-void WebGLRenderingContext::drawElements(GC3Denum mode, GC3Dsizei count, GC3Denum type, GC3Dintptr offset, ExceptionCode& ec)
+void WebGLRenderingContext::drawElements(GC3Denum mode, GC3Dsizei count, GC3Denum type, long long offset, ExceptionCode& ec)
{
UNUSED_PARAM(ec);
@@ -3038,7 +3038,7 @@
}
}
-GC3Dsizeiptr WebGLRenderingContext::getVertexAttribOffset(GC3Duint index, GC3Denum pname)
+long long WebGLRenderingContext::getVertexAttribOffset(GC3Duint index, GC3Denum pname)
{
if (isContextLost())
return 0;
@@ -4250,7 +4250,7 @@
vertexAttribfvImpl("vertexAttrib4fv", index, v, size, 4);
}
-void WebGLRenderingContext::vertexAttribPointer(GC3Duint index, GC3Dint size, GC3Denum type, GC3Dboolean normalized, GC3Dsizei stride, GC3Dintptr offset, ExceptionCode& ec)
+void WebGLRenderingContext::vertexAttribPointer(GC3Duint index, GC3Dint size, GC3Denum type, GC3Dboolean normalized, GC3Dsizei stride, long long offset, ExceptionCode& ec)
{
UNUSED_PARAM(ec);
if (isContextLost())
Modified: trunk/Source/WebCore/html/canvas/WebGLRenderingContext.h (116220 => 116221)
--- trunk/Source/WebCore/html/canvas/WebGLRenderingContext.h 2012-05-05 12:24:28 UTC (rev 116220)
+++ trunk/Source/WebCore/html/canvas/WebGLRenderingContext.h 2012-05-05 14:51:39 UTC (rev 116221)
@@ -96,11 +96,11 @@
void blendFunc(GC3Denum sfactor, GC3Denum dfactor);
void blendFuncSeparate(GC3Denum srcRGB, GC3Denum dstRGB, GC3Denum srcAlpha, GC3Denum dstAlpha);
- void bufferData(GC3Denum target, GC3Dsizeiptr size, GC3Denum usage, ExceptionCode&);
+ void bufferData(GC3Denum target, long long size, GC3Denum usage, ExceptionCode&);
void bufferData(GC3Denum target, ArrayBuffer* data, GC3Denum usage, ExceptionCode&);
void bufferData(GC3Denum target, ArrayBufferView* data, GC3Denum usage, ExceptionCode&);
- void bufferSubData(GC3Denum target, GC3Dintptr offset, ArrayBuffer* data, ExceptionCode&);
- void bufferSubData(GC3Denum target, GC3Dintptr offset, ArrayBufferView* data, ExceptionCode&);
+ void bufferSubData(GC3Denum target, long long offset, ArrayBuffer* data, ExceptionCode&);
+ void bufferSubData(GC3Denum target, long long offset, ArrayBufferView* data, ExceptionCode&);
GC3Denum checkFramebufferStatus(GC3Denum target);
void clear(GC3Dbitfield mask);
@@ -141,7 +141,7 @@
void disable(GC3Denum cap);
void disableVertexAttribArray(GC3Duint index, ExceptionCode&);
void drawArrays(GC3Denum mode, GC3Dint first, GC3Dsizei count, ExceptionCode&);
- void drawElements(GC3Denum mode, GC3Dsizei count, GC3Denum type, GC3Dintptr offset, ExceptionCode&);
+ void drawElements(GC3Denum mode, GC3Dsizei count, GC3Denum type, long long offset, ExceptionCode&);
void enable(GC3Denum cap);
void enableVertexAttribArray(GC3Duint index, ExceptionCode&);
@@ -174,7 +174,7 @@
WebGLGetInfo getUniform(WebGLProgram*, const WebGLUniformLocation*, ExceptionCode&);
PassRefPtr<WebGLUniformLocation> getUniformLocation(WebGLProgram*, const String&, ExceptionCode&);
WebGLGetInfo getVertexAttrib(GC3Duint index, GC3Denum pname, ExceptionCode&);
- GC3Dsizeiptr getVertexAttribOffset(GC3Duint index, GC3Denum pname);
+ long long getVertexAttribOffset(GC3Duint index, GC3Denum pname);
void hint(GC3Denum target, GC3Denum mode);
GC3Dboolean isBuffer(WebGLBuffer*);
@@ -281,7 +281,7 @@
void vertexAttrib4fv(GC3Duint index, Float32Array* values);
void vertexAttrib4fv(GC3Duint index, GC3Dfloat* values, GC3Dsizei size);
void vertexAttribPointer(GC3Duint index, GC3Dint size, GC3Denum type, GC3Dboolean normalized,
- GC3Dsizei stride, GC3Dintptr offset, ExceptionCode&);
+ GC3Dsizei stride, long long offset, ExceptionCode&);
void viewport(GC3Dint x, GC3Dint y, GC3Dsizei width, GC3Dsizei height);
Modified: trunk/Source/WebCore/html/canvas/WebGLRenderingContext.idl (116220 => 116221)
--- trunk/Source/WebCore/html/canvas/WebGLRenderingContext.idl 2012-05-05 12:24:28 UTC (rev 116220)
+++ trunk/Source/WebCore/html/canvas/WebGLRenderingContext.idl 2012-05-05 14:51:39 UTC (rev 116221)
@@ -463,9 +463,9 @@
[StrictTypeChecking] void blendFuncSeparate(in unsigned long srcRGB, in unsigned long dstRGB, in unsigned long srcAlpha, in unsigned long dstAlpha);
[StrictTypeChecking] void bufferData(in unsigned long target, in ArrayBuffer data, in unsigned long usage) raises (DOMException);
[StrictTypeChecking] void bufferData(in unsigned long target, in ArrayBufferView data, in unsigned long usage) raises (DOMException);
- [StrictTypeChecking] void bufferData(in unsigned long target, in long size, in unsigned long usage) raises (DOMException);
- [StrictTypeChecking] void bufferSubData(in unsigned long target, in long offset, in ArrayBuffer data) raises (DOMException);
- [StrictTypeChecking] void bufferSubData(in unsigned long target, in long offset, in ArrayBufferView data) raises (DOMException);
+ [StrictTypeChecking] void bufferData(in unsigned long target, in long long size, in unsigned long usage) raises (DOMException);
+ [StrictTypeChecking] void bufferSubData(in unsigned long target, in long long offset, in ArrayBuffer data) raises (DOMException);
+ [StrictTypeChecking] void bufferSubData(in unsigned long target, in long long offset, in ArrayBufferView data) raises (DOMException);
[StrictTypeChecking] unsigned long checkFramebufferStatus(in unsigned long target);
[StrictTypeChecking] void clear(in unsigned long mask);
@@ -507,7 +507,7 @@
[StrictTypeChecking] void disable(in unsigned long cap);
[StrictTypeChecking] void disableVertexAttribArray(in unsigned long index) raises(DOMException);
[StrictTypeChecking] void drawArrays(in unsigned long mode, in long first, in long count) raises(DOMException);
- [StrictTypeChecking] void drawElements(in unsigned long mode, in long count, in unsigned long type, in long offset) raises(DOMException);
+ [StrictTypeChecking] void drawElements(in unsigned long mode, in long count, in unsigned long type, in long long offset) raises(DOMException);
[StrictTypeChecking] void enable(in unsigned long cap);
[StrictTypeChecking] void enableVertexAttribArray(in unsigned long index) raises(DOMException);
@@ -567,7 +567,7 @@
// any getVertexAttrib(in unsigned long index, in unsigned long pname) raises(DOMException);
[StrictTypeChecking, Custom] void getVertexAttrib();
- [StrictTypeChecking] long getVertexAttribOffset(in unsigned long index, in unsigned long pname);
+ [StrictTypeChecking] long long getVertexAttribOffset(in unsigned long index, in unsigned long pname);
[StrictTypeChecking] void hint(in unsigned long target, in unsigned long mode);
[StrictTypeChecking] boolean isBuffer(in WebGLBuffer buffer);
@@ -661,7 +661,7 @@
[StrictTypeChecking] void vertexAttrib4f(in unsigned long indx, in float x, in float y, in float z, in float w);
[StrictTypeChecking, Custom] void vertexAttrib4fv(in unsigned long indx, in Float32Array values);
[StrictTypeChecking] void vertexAttribPointer(in unsigned long indx, in long size, in unsigned long type, in boolean normalized,
- in long stride, in long offset) raises(DOMException);
+ in long stride, in long long offset) raises(DOMException);
[StrictTypeChecking] void viewport(in long x, in long y, in long width, in long height);
};
