Bug 674042 - WebGL: crash in getUniformLocation with too long uniform identifiers - r=jrmuizel

This limits the length of uniform and attrib identifiers to 4095 characters, to steer clear GL implementation bugs with too long identifiers. The 4095 is totally arbitrary, all we know is that crashes happen after 2^22 chars.
2024-09-13 09:24:08 -07:00 · 2011-07-28 17:12:31 -04:00 · 2011-07-28 17:12:31 -04:00 · 2bc65bec27
commit 2bc65bec27
parent a50f06d79d
4 changed files with 20 additions and 1 deletions
--- a/content/canvas/src/WebGLContext.h
+++ b/content/canvas/src/WebGLContext.h
@ -491,6 +491,8 @@ protected:
    PRBool ValidateAttribIndex(WebGLuint index, const char *info);
    PRBool ValidateStencilParamsForDrawCall();
    
+    bool  ValidateGLSLIdentifier(const nsAString& name, const char *info);
+
    static PRUint32 GetTexelSize(WebGLenum format, WebGLenum type);

    void Invalidate();
--- a/content/canvas/src/WebGLContextGL.cpp
+++ b/content/canvas/src/WebGLContextGL.cpp
@ -1839,6 +1839,9 @@ WebGLContext::GetAttribLocation(nsIWebGLProgram *pobj,
    if (!GetGLName<WebGLProgram>("getAttribLocation: program", pobj, &progname))
        return NS_OK;

+    if (!ValidateGLSLIdentifier(name, "getAttribLocation"))
+        return NS_OK; 
+
    MakeContextCurrent();
    *retval = gl->fGetAttribLocation(progname, NS_LossyConvertUTF16toASCII(name).get());
    return NS_OK;
@ -2661,6 +2664,9 @@ WebGLContext::GetUniformLocation(nsIWebGLProgram *pobj, const nsAString& name, n
    if (!GetConcreteObjectAndGLName("getUniformLocation: program", pobj, &prog, &progname))
        return NS_OK;

+    if (!ValidateGLSLIdentifier(name, "getUniformLocation"))
+        return NS_OK; 
+
    MakeContextCurrent();

    GLint intlocation = gl->fGetUniformLocation(progname, NS_LossyConvertUTF16toASCII(name).get());
--- a/content/canvas/src/WebGLContextValidate.cpp
+++ b/content/canvas/src/WebGLContextValidate.cpp
@ -328,6 +328,17 @@ PRBool WebGLContext::ValidateDrawModeEnum(WebGLenum mode, const char *info)
    }
 }

+bool WebGLContext::ValidateGLSLIdentifier(const nsAString& name, const char *info)
+{
+    const PRUint32 maxSize = 4095;
+    if (name.Length() > maxSize) {
+        ErrorInvalidValue("%s: identifier is %d characters long, exceeds the maximum allowed length of %d characters",
+                          info, name.Length(), maxSize);
+        return false;
+    }
+    return true;
+}
+
 PRUint32 WebGLContext::GetTexelSize(WebGLenum format, WebGLenum type)
 {
    if (type == LOCAL_GL_UNSIGNED_BYTE || type == LOCAL_GL_FLOAT) {
--- a/gfx/layers/d3d10/CanvasLayerD3D10.cpp
+++ b/gfx/layers/d3d10/CanvasLayerD3D10.cpp
@ -118,7 +118,7 @@ CanvasLayerD3D10::Initialize(const Data& aData)
  }

  if (mUsingSharedTexture) {
-      mNeedsYFlip = PR_FALSE;
+    mNeedsYFlip = PR_FALSE;
  } else {
    CD3D10_TEXTURE2D_DESC desc(DXGI_FORMAT_B8G8R8A8_UNORM, mBounds.width, mBounds.height, 1, 1);
    desc.Usage = D3D10_USAGE_DYNAMIC;