[SCM] WebKit Debian packaging branch, debian/experimental, updated. upstream/1.3.3-9427-gc2be6fc
zmo at google.com
zmo at google.com
Wed Dec 22 15:59:47 UTC 2010
The following commit has been merged in the debian/experimental branch:
commit df87817385c5674e6ecaa6d111ac1d3a49e8c9e3
Author: zmo at google.com <zmo at google.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Date: Wed Nov 17 19:55:11 2010 +0000
2010-11-16 Zhenyao Mo <zmo at google.com>
Reviewed by Kenneth Russell.
WebGLRenderingContext needs to zero textures and renderbuffers
https://bugs.webkit.org/show_bug.cgi?id=49355
* src/WebGraphicsContext3DDefaultImpl.cpp: Don't deal with texture initialization at this level.
2010-11-16 Zhenyao Mo <zmo at google.com>
Reviewed by Kenneth Russell.
WebGLRenderingContext needs to zero textures and renderbuffers
https://bugs.webkit.org/show_bug.cgi?id=49355
Test: fast/canvas/webgl/uninitialized-test.html
* html/canvas/WebGLFramebuffer.cpp:
(WebCore::WebGLFramebuffer::onAccess): Use a parameter to decide if renderbuffer initialization is needed.
(WebCore::WebGLFramebuffer::initializeRenderbuffers): Don't return false if color buffer doesn't exist.
* html/canvas/WebGLFramebuffer.h: Modify onAccess function signature.
* html/canvas/WebGLRenderingContext.cpp:
(WebCore::WebGLRenderingContext::clear): Call onAccess with an added parameter.
(WebCore::WebGLRenderingContext::copyTexImage2D): Ditto.
(WebCore::WebGLRenderingContext::copyTexSubImage2D): Ditto.
(WebCore::WebGLRenderingContext::drawArrays): Ditto.
(WebCore::WebGLRenderingContext::drawElements): Ditto.
(WebCore::WebGLRenderingContext::readPixels): Ditto.
(WebCore::WebGLRenderingContext::texImage2DBase): Create buffer data of 0s if input is null to initialize textures.
2010-11-16 Zhenyao Mo <zmo at google.com>
Reviewed by Kenneth Russell.
WebGLRenderingContext needs to zero textures and renderbuffers
https://bugs.webkit.org/show_bug.cgi?id=49355
* fast/canvas/webgl/uninitialized-test-expected.txt: Added.
* fast/canvas/webgl/uninitialized-test.html: Added.
git-svn-id: http://svn.webkit.org/repository/webkit/trunk@72228 268f45cc-cd09-0410-ab3c-d52691b4dbfc
diff --git a/LayoutTests/ChangeLog b/LayoutTests/ChangeLog
index 192bd12..305cc6a 100644
--- a/LayoutTests/ChangeLog
+++ b/LayoutTests/ChangeLog
@@ -1,3 +1,13 @@
+2010-11-16 Zhenyao Mo <zmo at google.com>
+
+ Reviewed by Kenneth Russell.
+
+ WebGLRenderingContext needs to zero textures and renderbuffers
+ https://bugs.webkit.org/show_bug.cgi?id=49355
+
+ * fast/canvas/webgl/uninitialized-test-expected.txt: Added.
+ * fast/canvas/webgl/uninitialized-test.html: Added.
+
2010-11-17 Adam Roben <aroben at apple.com>
Update Windows results after r72125 and r72173
diff --git a/LayoutTests/fast/canvas/webgl/uninitialized-test-expected.txt b/LayoutTests/fast/canvas/webgl/uninitialized-test-expected.txt
new file mode 100644
index 0000000..fba2b72
--- /dev/null
+++ b/LayoutTests/fast/canvas/webgl/uninitialized-test-expected.txt
@@ -0,0 +1,13 @@
+Tests to check user code cannot access uninitialized data from GL resources.
+
+On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
+
+PASS Context created.
+Reading an uninitialized texture should succeed with all bytes set to 0.
+PASS All data initialized
+PASS getError was expected value: NO_ERROR :
+
+PASS successfullyParsed is true
+
+TEST COMPLETE
+
diff --git a/LayoutTests/fast/canvas/webgl/uninitialized-test.html b/LayoutTests/fast/canvas/webgl/uninitialized-test.html
new file mode 100644
index 0000000..f353f93
--- /dev/null
+++ b/LayoutTests/fast/canvas/webgl/uninitialized-test.html
@@ -0,0 +1,91 @@
+<!doctype html>
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
+<title>WebGL Uninitialized GL Resources Tests</title>
+<link rel="stylesheet" href="../../js/resources/js-test-style.css"/>
+<script src="../../js/resources/js-test-pre.js"></script>
+<script src="resources/webgl-test.js"></script>
+</head>
+<body>
+<div id="description"></div>
+<div id="console"></div>
+<canvas id="canvas" width="2" height="2"> </canvas>
+<script>
+description("Tests to check user code cannot access uninitialized data from GL resources.");
+
+var canvas = document.getElementById("canvas");
+var gl = create3DContext(canvas);
+if (!gl)
+ testFailed("Context created.");
+else
+ testPassed("Context created.");
+
+debug("Reading an uninitialized texture should succeed with all bytes set to 0.");
+
+var width = 512;
+var height = 512;
+var bpp = 4;
+var expectedDataLength = width*height*bpp;
+
+var tex = gl.createTexture();
+gl.bindTexture(gl.TEXTURE_2D, tex);
+gl.texImage2D(gl.TEXTURE_2D, 0, gl.RGBA, width, height, 0, gl.RGBA, gl.UNSIGNED_BYTE, null);
+
+// this can be quite undeterministic so to improve odds of seeing uninitialized data write bits
+// into tex then delete texture then re-create one with same characteristics (driver will likely reuse mem)
+// with this trick on r59046 WebKit/OSX I get FAIL 100% of the time instead of ~15% of the time.
+
+var badData = new Uint8Array(expectedDataLength);
+for (var i = 0; i < badData.length; ++i)
+ badData[i] = i % 255;
+
+gl.texSubImage2D(gl.TEXTURE_2D, 0, 0, 0, width, height, gl.RGBA, gl.UNSIGNED_BYTE, badData);
+gl.finish(); // make sure it has been uploaded
+
+gl.deleteTexture(tex);
+gl.finish(); // make sure it has been deleted
+
+var tex = gl.createTexture();
+gl.bindTexture(gl.TEXTURE_2D, tex);
+gl.texImage2D(gl.TEXTURE_2D, 0, gl.RGBA, width, height, 0, gl.RGBA, gl.UNSIGNED_BYTE, null);
+
+var fb = gl.createFramebuffer();
+gl.bindFramebuffer(gl.FRAMEBUFFER, fb);
+gl.framebufferTexture2D(gl.FRAMEBUFFER, gl.COLOR_ATTACHMENT0, gl.TEXTURE_2D, tex, 0);
+
+data = new Uint8Array(width * height * 4);
+gl.readPixels(0, 0, width, height, gl.RGBA, gl.UNSIGNED_BYTE, data);
+
+if (data.length != expectedDataLength) {
+ testFailed("expected data length " + expectedDataLength + " but got " + data.length + " instead.");
+} else {
+ var k = 0;
+ for (var i = 0; i < data.length; ++i) {
+ if (data[i] != 0) {
+ k++;
+ }
+ }
+
+ if (k) {
+ testFailed("Found " + k + " non-zero bytes");
+ } else {
+ testPassed("All data initialized");
+ }
+}
+
+glErrorShouldBe(gl, gl.NO_ERROR);
+
+//TODO: uninitialized vertex array buffer
+//TODO: uninitialized vertex elements buffer
+//TODO: uninitialized framebuffer? (implementations would need to do a GL clear at first binding?)
+//TODO: uninitialized renderbuffer? (implementations would need to do a GL clear at first binding?)
+//TODO: uninitialized uniform arrays?
+
+debug("");
+successfullyParsed = true;
+</script>
+<script src="../../js/resources/js-test-post.js"></script>
+</body>
+</html>
+
diff --git a/WebCore/ChangeLog b/WebCore/ChangeLog
index 68722e1..8da2ce9 100644
--- a/WebCore/ChangeLog
+++ b/WebCore/ChangeLog
@@ -1,3 +1,25 @@
+2010-11-16 Zhenyao Mo <zmo at google.com>
+
+ Reviewed by Kenneth Russell.
+
+ WebGLRenderingContext needs to zero textures and renderbuffers
+ https://bugs.webkit.org/show_bug.cgi?id=49355
+
+ Test: fast/canvas/webgl/uninitialized-test.html
+
+ * html/canvas/WebGLFramebuffer.cpp:
+ (WebCore::WebGLFramebuffer::onAccess): Use a parameter to decide if renderbuffer initialization is needed.
+ (WebCore::WebGLFramebuffer::initializeRenderbuffers): Don't return false if color buffer doesn't exist.
+ * html/canvas/WebGLFramebuffer.h: Modify onAccess function signature.
+ * html/canvas/WebGLRenderingContext.cpp:
+ (WebCore::WebGLRenderingContext::clear): Call onAccess with an added parameter.
+ (WebCore::WebGLRenderingContext::copyTexImage2D): Ditto.
+ (WebCore::WebGLRenderingContext::copyTexSubImage2D): Ditto.
+ (WebCore::WebGLRenderingContext::drawArrays): Ditto.
+ (WebCore::WebGLRenderingContext::drawElements): Ditto.
+ (WebCore::WebGLRenderingContext::readPixels): Ditto.
+ (WebCore::WebGLRenderingContext::texImage2DBase): Create buffer data of 0s if input is null to initialize textures.
+
2010-11-17 Ryosuke Niwa <rniwa at webkit.org>
Reviewed by Darin Adler.
diff --git a/WebCore/html/canvas/WebGLFramebuffer.cpp b/WebCore/html/canvas/WebGLFramebuffer.cpp
index 5bf3779..dfde33b 100644
--- a/WebCore/html/canvas/WebGLFramebuffer.cpp
+++ b/WebCore/html/canvas/WebGLFramebuffer.cpp
@@ -180,11 +180,13 @@ bool WebGLFramebuffer::isIncomplete(bool checkInternalFormat) const
return false;
}
-bool WebGLFramebuffer::onAccess()
+bool WebGLFramebuffer::onAccess(bool needToInitializeRenderbuffers)
{
if (isIncomplete(true))
return false;
- return initializeRenderbuffers();
+ if (needToInitializeRenderbuffers)
+ return initializeRenderbuffers();
+ return true;
}
void WebGLFramebuffer::deleteObjectImpl(Platform3DObject object)
@@ -200,8 +202,6 @@ void WebGLFramebuffer::deleteObjectImpl(Platform3DObject object)
bool WebGLFramebuffer::initializeRenderbuffers()
{
ASSERT(object());
- if (!isColorAttached())
- return false;
bool initColor = false, initDepth = false, initStencil = false;
unsigned long mask = 0;
if (isUninitialized(m_colorAttachment.get())) {
diff --git a/WebCore/html/canvas/WebGLFramebuffer.h b/WebCore/html/canvas/WebGLFramebuffer.h
index 394b770..275b898 100644
--- a/WebCore/html/canvas/WebGLFramebuffer.h
+++ b/WebCore/html/canvas/WebGLFramebuffer.h
@@ -50,8 +50,9 @@ public:
// readPixels, copyTexImage2D, copyTexSubImage2D if this framebuffer is
// currently bound.
// Return false if the framebuffer is incomplete; otherwise initialize
- // the buffers if they haven't been initialized.
- bool onAccess();
+ // the buffers if they haven't been initialized and
+ // needToInitializeRenderbuffers is true.
+ bool onAccess(bool needToInitializeRenderbuffers);
// Return false does not mean COMPLETE, might still be INCOMPLETE.
bool isIncomplete(bool checkInternalFormat) const;
diff --git a/WebCore/html/canvas/WebGLRenderingContext.cpp b/WebCore/html/canvas/WebGLRenderingContext.cpp
index 0cbbc8e..227baf9 100644
--- a/WebCore/html/canvas/WebGLRenderingContext.cpp
+++ b/WebCore/html/canvas/WebGLRenderingContext.cpp
@@ -59,9 +59,69 @@
#include <wtf/ByteArray.h>
#include <wtf/OwnArrayPtr.h>
+#include <wtf/PassOwnArrayPtr.h>
namespace WebCore {
+namespace {
+
+ unsigned bytesPerComponent(unsigned type)
+ {
+ switch (type) {
+ case GraphicsContext3D::UNSIGNED_BYTE:
+ return 1;
+ case GraphicsContext3D::UNSIGNED_SHORT_5_6_5:
+ case GraphicsContext3D::UNSIGNED_SHORT_4_4_4_4:
+ case GraphicsContext3D::UNSIGNED_SHORT_5_5_5_1:
+ return 2;
+ default:
+ ASSERT(false);
+ return 0;
+ }
+ }
+
+ unsigned componentsPerPixel(unsigned format, unsigned type)
+ {
+ switch (type) {
+ case GraphicsContext3D::UNSIGNED_SHORT_5_6_5:
+ case GraphicsContext3D::UNSIGNED_SHORT_4_4_4_4:
+ case GraphicsContext3D::UNSIGNED_SHORT_5_5_5_1:
+ return 1;
+ default:
+ break;
+ }
+ switch (format) {
+ case GraphicsContext3D::ALPHA:
+ case GraphicsContext3D::LUMINANCE:
+ return 1;
+ case GraphicsContext3D::LUMINANCE_ALPHA:
+ return 2;
+ case GraphicsContext3D::RGB:
+ return 3;
+ case GraphicsContext3D::RGBA:
+ return 4;
+ default:
+ ASSERT(false);
+ return 0;
+ }
+ }
+
+ // This function should only be called if width and height is non-zero and
+ // format/type are valid. Return 0 if overflow happens.
+ size_t imageSizeInBytes(unsigned width, unsigned height, unsigned format, unsigned type)
+ {
+ ASSERT(width && height);
+ CheckedInt<uint32_t> checkedWidth(width);
+ CheckedInt<uint32_t> checkedHeight(height);
+ CheckedInt<uint32_t> checkedBytesPerPixel(bytesPerComponent(type) * componentsPerPixel(format, type));
+ CheckedInt<uint32_t> checkedSize = checkedWidth * checkedHeight * checkedBytesPerPixel;
+ if (checkedSize.valid())
+ return checkedSize.value();
+ return 0;
+ }
+
+} // anonymous namespace
+
static inline Platform3DObject objectOrZero(WebGLObject* object)
{
return object ? object->object() : 0;
@@ -540,7 +600,7 @@ void WebGLRenderingContext::clear(unsigned long mask)
m_context->synthesizeGLError(GraphicsContext3D::INVALID_VALUE);
return;
}
- if (m_framebufferBinding && !m_framebufferBinding->onAccess()) {
+ if (m_framebufferBinding && !m_framebufferBinding->onAccess(!isResourceSafe())) {
m_context->synthesizeGLError(GraphicsContext3D::INVALID_FRAMEBUFFER_OPERATION);
return;
}
@@ -618,7 +678,7 @@ void WebGLRenderingContext::copyTexImage2D(unsigned long target, long level, uns
m_context->synthesizeGLError(GraphicsContext3D::INVALID_VALUE);
return;
}
- if (m_framebufferBinding && !m_framebufferBinding->onAccess()) {
+ if (m_framebufferBinding && !m_framebufferBinding->onAccess(!isResourceSafe())) {
m_context->synthesizeGLError(GraphicsContext3D::INVALID_FRAMEBUFFER_OPERATION);
return;
}
@@ -643,7 +703,7 @@ void WebGLRenderingContext::copyTexSubImage2D(unsigned long target, long level,
return;
}
}
- if (m_framebufferBinding && !m_framebufferBinding->onAccess()) {
+ if (m_framebufferBinding && !m_framebufferBinding->onAccess(!isResourceSafe())) {
m_context->synthesizeGLError(GraphicsContext3D::INVALID_FRAMEBUFFER_OPERATION);
return;
}
@@ -1074,7 +1134,7 @@ void WebGLRenderingContext::drawArrays(unsigned long mode, long first, long coun
}
}
- if (m_framebufferBinding && !m_framebufferBinding->onAccess()) {
+ if (m_framebufferBinding && !m_framebufferBinding->onAccess(!isResourceSafe())) {
m_context->synthesizeGLError(GraphicsContext3D::INVALID_FRAMEBUFFER_OPERATION);
return;
}
@@ -1138,7 +1198,7 @@ void WebGLRenderingContext::drawElements(unsigned long mode, long count, unsigne
}
}
- if (m_framebufferBinding && !m_framebufferBinding->onAccess()) {
+ if (m_framebufferBinding && !m_framebufferBinding->onAccess(!isResourceSafe())) {
m_context->synthesizeGLError(GraphicsContext3D::INVALID_FRAMEBUFFER_OPERATION);
return;
}
@@ -2243,7 +2303,7 @@ void WebGLRenderingContext::readPixels(long x, long y, long width, long height,
m_context->synthesizeGLError(GraphicsContext3D::INVALID_OPERATION);
return;
}
- if (m_framebufferBinding && !m_framebufferBinding->onAccess()) {
+ if (m_framebufferBinding && !m_framebufferBinding->onAccess(!isResourceSafe())) {
m_context->synthesizeGLError(GraphicsContext3D::INVALID_FRAMEBUFFER_OPERATION);
return;
}
@@ -2443,6 +2503,17 @@ void WebGLRenderingContext::texImage2DBase(unsigned target, unsigned level, unsi
return;
}
}
+ OwnArrayPtr<unsigned char> zero;
+ if (!pixels && !isResourceSafe() && width && height) {
+ size_t size = imageSizeInBytes(width, height, format, type);
+ if (!size) {
+ m_context->synthesizeGLError(GraphicsContext3D::INVALID_VALUE);
+ return;
+ }
+ zero = adoptArrayPtr(new unsigned char[size]);
+ memset(zero.get(), 0, size);
+ pixels = zero.get();
+ }
m_context->texImage2D(target, level, internalformat, width, height,
border, format, type, pixels);
tex->setLevelInfo(target, level, internalformat, width, height, type);
diff --git a/WebKit/chromium/ChangeLog b/WebKit/chromium/ChangeLog
index bebee69..5df0cd3 100644
--- a/WebKit/chromium/ChangeLog
+++ b/WebKit/chromium/ChangeLog
@@ -1,3 +1,12 @@
+2010-11-16 Zhenyao Mo <zmo at google.com>
+
+ Reviewed by Kenneth Russell.
+
+ WebGLRenderingContext needs to zero textures and renderbuffers
+ https://bugs.webkit.org/show_bug.cgi?id=49355
+
+ * src/WebGraphicsContext3DDefaultImpl.cpp: Don't deal with texture initialization at this level.
+
2010-11-17 Satish Sampath <satish at chromium.org>
Reviewed by Jeremy Orlow.
diff --git a/WebKit/chromium/src/WebGraphicsContext3DDefaultImpl.cpp b/WebKit/chromium/src/WebGraphicsContext3DDefaultImpl.cpp
index bd070c6..f7e28f6 100644
--- a/WebKit/chromium/src/WebGraphicsContext3DDefaultImpl.cpp
+++ b/WebKit/chromium/src/WebGraphicsContext3DDefaultImpl.cpp
@@ -1241,70 +1241,7 @@ DELEGATE_TO_GL_2(sampleCoverage, SampleCoverage, double, bool)
DELEGATE_TO_GL_4(scissor, Scissor, long, long, unsigned long, unsigned long)
-unsigned bytesPerComponent(unsigned type)
-{
- switch (type) {
- case GL_BYTE:
- case GL_UNSIGNED_BYTE:
- return 1;
- case GL_SHORT:
- case GL_UNSIGNED_SHORT:
- case GL_UNSIGNED_SHORT_5_6_5:
- case GL_UNSIGNED_SHORT_4_4_4_4:
- case GL_UNSIGNED_SHORT_5_5_5_1:
- return 2;
- case GL_FLOAT:
- return 4;
- default:
- return 4;
- }
-}
-
-unsigned componentsPerPixel(unsigned format, unsigned type)
-{
- switch (type) {
- case GL_UNSIGNED_SHORT_5_6_5:
- case GL_UNSIGNED_SHORT_4_4_4_4:
- case GL_UNSIGNED_SHORT_5_5_5_1:
- return 1;
- default:
- break;
- }
- switch (format) {
- case GL_LUMINANCE:
- return 1;
- case GL_LUMINANCE_ALPHA:
- return 2;
- case GL_RGB:
- return 3;
- case GL_RGBA:
- case GL_BGRA_EXT:
- return 4;
- default:
- return 4;
- }
-}
-
-// N.B.: This code does not protect against integer overflow (as the command
-// buffer implementation does), so it should not be considered robust enough
-// for use in the browser. Since this implementation is only used for layout
-// tests, this should be ok for now.
-size_t imageSizeInBytes(unsigned width, unsigned height, unsigned format, unsigned type)
-{
- return width * height * bytesPerComponent(type) * componentsPerPixel(format, type);
-}
-
-void WebGraphicsContext3DDefaultImpl::texImage2D(unsigned target, unsigned level, unsigned internalFormat, unsigned width, unsigned height, unsigned border, unsigned format, unsigned type, const void* pixels)
-{
- OwnArrayPtr<uint8> zero;
- if (!pixels) {
- size_t size = imageSizeInBytes(width, height, format, type);
- zero.set(new uint8[size]);
- memset(zero.get(), 0, size);
- pixels = zero.get();
- }
- glTexImage2D(target, level, internalFormat, width, height, border, format, type, pixels);
-}
+DELEGATE_TO_GL_9(texImage2D, TexImage2D, unsigned, unsigned, unsigned, unsigned, unsigned, unsigned, unsigned, unsigned, const void*)
void WebGraphicsContext3DDefaultImpl::shaderSource(WebGLId shader, const char* string)
{
--
WebKit Debian packaging
More information about the Pkg-webkit-commits
mailing list