texSubImage2D crashed on iOS16 + WebGL2 + large WASM memory by kkinnunen-apple · Pull Request #9451 · WebKit/WebKit

kkinnunen-apple · 2023-02-01T14:51:23Z

`905fdd7`

texSubImage2D crashed on iOS16 + WebGL2 + large WASM memory
https://bugs.webkit.org/show_bug.cgi?id=250558
rdar://104305743

Reviewed by Matt Woodrow.

Adjust the input size from the ArrayBufferView byteLength
to the actual image data size texSubImage2D would use.
Fixes crashes where IPC would copy the whole ArrayBufferView into
encoding buffer, causing the WP process size increase.

* Source/WebCore/html/canvas/WebGLRenderingContextBase.cpp:
(WebCore::WebGLRenderingContextBase::validateTexFuncData):

Canonical link: https://commits.webkit.org/259742@main

1cc3b31

Misc	iOS, tvOS & watchOS	macOS	Linux	Windows
✅ 🧪 style	✅ 🛠 ios	✅ 🛠 mac	✅ 🛠 wpe	✅ 🛠 🧪 win
✅ 🧪 bindings	✅ 🛠 ios-sim	✅ 🛠 mac-AS-debug	✅ 🛠 gtk	✅ 🛠 wincairo
✅ 🧪 webkitperl	✅ 🧪 ios-wk2	✅ 🧪 api-mac	✅ 🧪 gtk-wk2
	✅ 🧪 api-ios	✅ 🧪 mac-wk1	✅ 🧪 api-gtk
	✅ 🛠 tv	✅ 🧪 mac-wk2
	✅ 🛠 tv-sim	❌ 🧪 mac-AS-debug-wk2
	✅ 🛠 watch	✅ 🧪 mac-wk2-stress
✅ 🛠 🧪 merge	✅ 🛠 watch-sim

webkit-early-warning-system · 2023-02-01T14:52:43Z

EWS run on current version of this PR (hash 1cc3b31)

Details

Misc	iOS, tvOS & watchOS	macOS	Linux	Windows
✅ 🧪 style	✅ 🛠 ios	✅ 🛠 mac	✅ 🛠 wpe	✅ 🛠 🧪 win
✅ 🧪 bindings	✅ 🛠 ios-sim	✅ 🛠 mac-AS-debug	✅ 🛠 gtk	✅ 🛠 wincairo
✅ 🧪 webkitperl	✅ 🧪 ios-wk2	✅ 🧪 api-mac	✅ 🧪 gtk-wk2
	✅ 🧪 api-ios	✅ 🧪 mac-wk1	✅ 🧪 api-gtk
	✅ 🛠 tv	✅ 🧪 mac-wk2
	✅ 🛠 tv-sim	❌ 🧪 mac-AS-debug-wk2
	✅ 🛠 watch	✅ 🧪 mac-wk2-stress
✅ 🛠 🧪 merge	✅ 🛠 watch-sim

djg

🚢

https://bugs.webkit.org/show_bug.cgi?id=250558 rdar://104305743 Reviewed by Matt Woodrow. Adjust the input size from the ArrayBufferView byteLength to the actual image data size texSubImage2D would use. Fixes crashes where IPC would copy the whole ArrayBufferView into encoding buffer, causing the WP process size increase. * Source/WebCore/html/canvas/WebGLRenderingContextBase.cpp: (WebCore::WebGLRenderingContextBase::validateTexFuncData): Canonical link: https://commits.webkit.org/259742@main

webkit-commit-queue · 2023-02-02T08:40:02Z

Committed 259742@main (905fdd7): https://commits.webkit.org/259742@main

Reviewed commits have been landed. Closing PR #9451 and removing active labels.

juj · 2023-05-12T16:28:11Z

Hi @kkinnunen-apple , this bug is critically affecting Unity content. Do you know which version of released Safari would first have a fix for this? (or also, which version of Safari might be the first one that got this regression)

kkinnunen-apple · 2023-05-22T08:23:32Z

Hi @kkinnunen-apple , this bug is critically affecting Unity content. Do you know which version of released Safari would first have a fix for this? (or also, which version of Safari might be the first one that got this regression)

The fix shipped in iOS 16.4, macOS 12.3, Safari 16.4

kkinnunen-apple requested review from cdumez and rniwa as code owners February 1, 2023 14:51

kkinnunen-apple self-assigned this Feb 1, 2023

kkinnunen-apple added the WebGL Bugs in WebKit’s implementation of the WebGL standard. label Feb 1, 2023

kkinnunen-apple requested review from djg and grorg February 1, 2023 14:51

djg approved these changes Feb 1, 2023

View reviewed changes

mattwoodrow approved these changes Feb 2, 2023

View reviewed changes

djg added the merge-queue Applied to send a pull request to merge-queue label Feb 2, 2023

webkit-ews-buildbot added merging-blocked Applied to prevent a change from being merged and removed merge-queue Applied to send a pull request to merge-queue labels Feb 2, 2023

kkinnunen-apple added merge-queue Applied to send a pull request to merge-queue and removed merging-blocked Applied to prevent a change from being merged labels Feb 2, 2023

webkit-early-warning-system force-pushed the webgl-ipc-texupload-too-big-memory-1 branch from 1cc3b31 to 905fdd7 Compare February 2, 2023 08:39

webkit-early-warning-system merged commit 905fdd7 into WebKit:main Feb 2, 2023

webkit-commit-queue removed the merge-queue Applied to send a pull request to merge-queue label Feb 2, 2023

juj mentioned this pull request Feb 28, 2024

Avoid garbage-free WebGL APIs when memory size is over 2gb. emscripten-core/emscripten#21445

Merged

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

texSubImage2D crashed on iOS16 + WebGL2 + large WASM memory#9451

texSubImage2D crashed on iOS16 + WebGL2 + large WASM memory#9451
webkit-early-warning-system merged 1 commit intoWebKit:mainfrom
kkinnunen-apple:webgl-ipc-texupload-too-big-memory-1

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

7 participants

Conversation

Uh oh!

905fdd7

Uh oh!

Uh oh!

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

7 participants

`905fdd7`