Bug 1472894 - Forbid too-large ranges in BlitFramebuffer. - r=kvark
MozReview-Commit-ID: DL0HSrG8wJC
--- a/dom/canvas/WebGL2ContextFramebuffers.cpp
+++ b/dom/canvas/WebGL2ContextFramebuffers.cpp
@@ -2,16 +2,17 @@
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
#include "WebGL2Context.h"
#include "GLContext.h"
#include "GLScreenBuffer.h"
+#include "mozilla/CheckedInt.h"
#include "WebGLContextUtils.h"
#include "WebGLFormats.h"
#include "WebGLFramebuffer.h"
namespace mozilla {
void
WebGL2Context::BlitFramebuffer(GLint srcX0, GLint srcY0, GLint srcX1, GLint srcY1,
@@ -33,17 +34,33 @@ WebGL2Context::BlitFramebuffer(GLint src
case LOCAL_GL_NEAREST:
case LOCAL_GL_LINEAR:
break;
default:
ErrorInvalidEnumInfo("blitFramebuffer: Bad `filter`:", filter);
return;
}
- ////
+ // --
+
+ const auto fnLikelyOverflow = [](GLint p0, GLint p1) {
+ auto checked = CheckedInt<GLint>(p1) - p0;
+ checked = -checked; // And check the negation!
+ return !checked.isValid();
+ };
+
+ if (fnLikelyOverflow(srcX0, srcX1) || fnLikelyOverflow(srcY0, srcY1) ||
+ fnLikelyOverflow(dstX0, dstX1) || fnLikelyOverflow(dstY0, dstY1))
+ {
+ ErrorInvalidValue("blitFramebuffer: Likely-to-overflow large ranges are"
+ " forbidden.");
+ return;
+ }
+
+ // --
if (!ValidateAndInitFB("blitFramebuffer: READ_FRAMEBUFFER", mBoundReadFramebuffer) ||
!ValidateAndInitFB("blitFramebuffer: DRAW_FRAMEBUFFER", mBoundDrawFramebuffer))
{
return;
}
DoBindFB(mBoundReadFramebuffer, LOCAL_GL_READ_FRAMEBUFFER);
--- a/dom/canvas/test/webgl-conf/mochitest-errata.ini
+++ b/dom/canvas/test/webgl-conf/mochitest-errata.ini
@@ -1194,11 +1194,8 @@ skip-if = (os == 'win')
[generated/test_conformance__misc__webgl-specific-stencil-settings.html]
skip-if = (os == 'win')
[generated/test_conformance__textures__misc__tex-video-using-tex-unit-non-zero.html]
# Fails on QuantumRender configs, but passes on standard configs?
# Might be intermittant.
skip-if = (os == 'win')
[generated/test_2_conformance__textures__misc__tex-video-using-tex-unit-non-zero.html]
skip-if = (os == 'win')
-[generated/test_2_conformance2__rendering__blitframebuffer-size-overflow.html]
-# Bug 1472894
-skip-if = (os == 'win')