Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(157)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: third_party/WebKit/Source/modules/webgl/WebGL2RenderingContextBase.cpp

Issue 2391073004: fix a corner case in getBufferSubData range checking (Closed)
Patch Set: change behavior in this case Created 4 years, 2 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « no previous file | no next file » | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright 2015 The Chromium Authors. All rights reserved. 1 // Copyright 2015 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "modules/webgl/WebGL2RenderingContextBase.h" 5 #include "modules/webgl/WebGL2RenderingContextBase.h"
6 6
7 #include "bindings/modules/v8/WebGLAny.h" 7 #include "bindings/modules/v8/WebGLAny.h"
8 #include "core/frame/ImageBitmap.h" 8 #include "core/frame/ImageBitmap.h"
9 #include "core/html/HTMLCanvasElement.h" 9 #include "core/html/HTMLCanvasElement.h"
10 #include "core/html/HTMLImageElement.h" 10 #include "core/html/HTMLImageElement.h"
(...skipping 355 matching lines...) Expand 10 before | Expand all | Expand 10 after
366 WebGLBuffer* buffer = validateBufferDataTarget(funcName, target); 366 WebGLBuffer* buffer = validateBufferDataTarget(funcName, target);
367 if (!buffer) 367 if (!buffer)
368 return; 368 return;
369 void* subBaseAddress = nullptr; 369 void* subBaseAddress = nullptr;
370 long long subByteLength = 0; 370 long long subByteLength = 0;
371 if (!validateSubSourceAndGetData(dstData, dstOffset, length, &subBaseAddress, 371 if (!validateSubSourceAndGetData(dstData, dstOffset, length, &subBaseAddress,
372 &subByteLength)) { 372 &subByteLength)) {
373 synthesizeGLError(GL_INVALID_VALUE, funcName, "buffer overflow"); 373 synthesizeGLError(GL_INVALID_VALUE, funcName, "buffer overflow");
374 return; 374 return;
375 } 375 }
376 if (subByteLength == 0) {
377 return;
378 }
376 379
377 void* mappedData = 380 void* mappedData =
378 contextGL()->MapBufferRange(target, static_cast<GLintptr>(srcByteOffset), 381 contextGL()->MapBufferRange(target, static_cast<GLintptr>(srcByteOffset),
379 subByteLength, GL_MAP_READ_BIT); 382 subByteLength, GL_MAP_READ_BIT);
380 383
381 if (!mappedData) 384 if (!mappedData)
382 return; 385 return;
383 386
384 memcpy(subBaseAddress, mappedData, subByteLength); 387 memcpy(subBaseAddress, mappedData, subByteLength);
385 388
(...skipping 4103 matching lines...) Expand 10 before | Expand all | Expand 10 after
4489 params.skipPixels = m_unpackSkipPixels; 4492 params.skipPixels = m_unpackSkipPixels;
4490 params.skipRows = m_unpackSkipRows; 4493 params.skipRows = m_unpackSkipRows;
4491 if (dimension == Tex3D) { 4494 if (dimension == Tex3D) {
4492 params.imageHeight = m_unpackImageHeight; 4495 params.imageHeight = m_unpackImageHeight;
4493 params.skipImages = m_unpackSkipImages; 4496 params.skipImages = m_unpackSkipImages;
4494 } 4497 }
4495 return params; 4498 return params;
4496 } 4499 }
4497 4500
4498 } // namespace blink 4501 } // namespace blink
OLDNEW
« no previous file with comments | « no previous file | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698