Implement sub source for WebGL2's clearBuffer*().

third_party/WebKit/Source/modules/webgl/WebGL2RenderingContextBase.cpp

Index: third_party/WebKit/Source/modules/webgl/WebGL2RenderingContextBase.cpp
diff --git a/third_party/WebKit/Source/modules/webgl/WebGL2RenderingContextBase.cpp b/third_party/WebKit/Source/modules/webgl/WebGL2RenderingContextBase.cpp
index 9a902001dac684e122478db4de383c8623ee1e3c..eb30a5b07daec212a51e1d529140db084b3ae25a 100644
--- a/third_party/WebKit/Source/modules/webgl/WebGL2RenderingContextBase.cpp
+++ b/third_party/WebKit/Source/modules/webgl/WebGL2RenderingContextBase.cpp
@@ -67,7 +67,7 @@ bool ValidateSubSourceAndGetData(DOMArrayBufferView* view,
   }
   CheckedNumeric<long long> total = byte_offset;
   total += byte_length;
-  if (!total.IsValid() || total.ValueOrDie() > view->byteLength()) {
+  if (!total.IsValid() || total.ValueOrDefault(0) > view->byteLength()) {

[Ken Russell (switch to Gerrit), 2017/04/12 18:56:49]

Here and throughout, I think we should continue to use ValueOrDie because it's
safer. If there's a code change which accidentally eliminates the IsValid()
check, ValueOrDie will prevent security bugs due to integer overflow.
ValueOrDefault runs the risk of not doing so.

[Zhenyao Mo, 2017/04/12 20:14:53]

Done.

     return false;
   }
   if (!byte_length) {
@@ -3463,20 +3463,28 @@ void WebGL2RenderingContextBase::drawBuffers(const Vector<GLenum>& buffers) {
 
 bool WebGL2RenderingContextBase::ValidateClearBuffer(const char* function_name,
                                                      GLenum buffer,
-                                                     GLsizei size) {
+                                                     GLsizei size,
+                                                     GLuint src_offset) {
+  CheckedNumeric<GLsizei> checked_size(size);
+  checked_size -= src_offset;
+  if (!checked_size.IsValid()) {
+    SynthesizeGLError(GL_INVALID_VALUE, function_name,
+                      "invalid array size / srcOffset");
+    return false;
+  }
   switch (buffer) {
     case GL_COLOR:
-      if (size < 4) {
+      if (checked_size.ValueOrDefault(0) < 4) {
         SynthesizeGLError(GL_INVALID_VALUE, function_name,
-                          "invalid array size");
+                          "invalid array size / srcOffset");
         return false;
       }
       break;
     case GL_DEPTH:
     case GL_STENCIL:
-      if (size < 1) {
+      if (checked_size.ValueOrDefault(0) < 1) {
         SynthesizeGLError(GL_INVALID_VALUE, function_name,
-                          "invalid array size");
+                          "invalid array size / srcOffset");
         return false;
       }
       break;
@@ -3498,64 +3506,74 @@ WebGLTexture* WebGL2RenderingContextBase::ValidateTexImageBinding(
 
 void WebGL2RenderingContextBase::clearBufferiv(GLenum buffer,
                                                GLint drawbuffer,
-                                               NotShared<DOMInt32Array> value) {
+                                               NotShared<DOMInt32Array> value,
+                                               GLuint src_offset) {
   if (isContextLost() ||
-      !ValidateClearBuffer("clearBufferiv", buffer, value.View()->length()))
+      !ValidateClearBuffer("clearBufferiv", buffer, value.View()->length(),
+                           src_offset))
     return;
 
-  ContextGL()->ClearBufferiv(buffer, drawbuffer, value.View()->Data());
+  ContextGL()->ClearBufferiv(buffer, drawbuffer,
+                             value.View()->Data() + src_offset);
 }
 
 void WebGL2RenderingContextBase::clearBufferiv(GLenum buffer,
                                                GLint drawbuffer,
-                                               const Vector<GLint>& value) {
+                                               const Vector<GLint>& value,
+                                               GLuint src_offset) {
   if (isContextLost() ||
-      !ValidateClearBuffer("clearBufferiv", buffer, value.size()))
+      !ValidateClearBuffer("clearBufferiv", buffer, value.size(), src_offset))
     return;
 
-  ContextGL()->ClearBufferiv(buffer, drawbuffer, value.Data());
+  ContextGL()->ClearBufferiv(buffer, drawbuffer, value.Data() + src_offset);
 }
 
-void WebGL2RenderingContextBase::clearBufferuiv(
-    GLenum buffer,
-    GLint drawbuffer,
-    NotShared<DOMUint32Array> value) {
+void WebGL2RenderingContextBase::clearBufferuiv(GLenum buffer,
+                                                GLint drawbuffer,
+                                                NotShared<DOMUint32Array> value,
+                                                GLuint src_offset) {
   if (isContextLost() ||
-      !ValidateClearBuffer("clearBufferuiv", buffer, value.View()->length()))
+      !ValidateClearBuffer("clearBufferuiv", buffer, value.View()->length(),
+                           src_offset))
     return;
 
-  ContextGL()->ClearBufferuiv(buffer, drawbuffer, value.View()->Data());
+  ContextGL()->ClearBufferuiv(buffer, drawbuffer,
+                              value.View()->Data() + src_offset);
 }
 
 void WebGL2RenderingContextBase::clearBufferuiv(GLenum buffer,
                                                 GLint drawbuffer,
-                                                const Vector<GLuint>& value) {
+                                                const Vector<GLuint>& value,
+                                                GLuint src_offset) {
   if (isContextLost() ||
-      !ValidateClearBuffer("clearBufferuiv", buffer, value.size()))
+      !ValidateClearBuffer("clearBufferuiv", buffer, value.size(), src_offset))
     return;
 
-  ContextGL()->ClearBufferuiv(buffer, drawbuffer, value.Data());
+  ContextGL()->ClearBufferuiv(buffer, drawbuffer, value.Data() + src_offset);
 }
 
-void WebGL2RenderingContextBase::clearBufferfv(
-    GLenum buffer,
-    GLint drawbuffer,
-    NotShared<DOMFloat32Array> value) {
+void WebGL2RenderingContextBase::clearBufferfv(GLenum buffer,
+                                               GLint drawbuffer,
+                                               NotShared<DOMFloat32Array> value,
+                                               GLuint src_offset) {
   if (isContextLost() ||
-      !ValidateClearBuffer("clearBufferfv", buffer, value.View()->length()))
+      !ValidateClearBuffer("clearBufferfv", buffer, value.View()->length(),
+                           src_offset))
     return;
 
-  ContextGL()->ClearBufferfv(buffer, drawbuffer, value.View()->Data());
+  ContextGL()->ClearBufferfv(buffer, drawbuffer,
+                             value.View()->Data() + src_offset);
 }
 
 void WebGL2RenderingContextBase::clearBufferfv(GLenum buffer,
                                                GLint drawbuffer,
-                                               const Vector<GLfloat>& value) {
+                                               const Vector<GLfloat>& value,
+                                               GLuint src_offset) {
   if (isContextLost() ||
-      !ValidateClearBuffer("clearBufferfv", buffer, value.size()))
+      !ValidateClearBuffer("clearBufferfv", buffer, value.size(), src_offset))
     return;
 
-  ContextGL()->ClearBufferfv(buffer, drawbuffer, value.Data());
+  ContextGL()->ClearBufferfv(buffer, drawbuffer, value.Data() + src_offset);
 }
 
 void WebGL2RenderingContextBase::clearBufferfi(GLenum buffer,
@@ -5632,7 +5650,8 @@ const char* WebGL2RenderingContextBase::ValidateGetBufferSubDataBounds(
     long long destination_byte_length) {
   CheckedNumeric<long long> src_end = source_byte_offset;
   src_end += destination_byte_length;
-  if (!src_end.IsValid() || src_end.ValueOrDie() > source_buffer->GetSize()) {
+  if (!src_end.IsValid() ||
+      src_end.ValueOrDefault(0) > source_buffer->GetSize()) {
     SynthesizeGLError(GL_INVALID_VALUE, function_name,
                       "overflow of bound buffer");
     return "Invalid value: overflow of bound buffer";