From 7f1590dac07b7208c54e6caf263956afc637ea11 Mon Sep 17 00:00:00 2001 From: Anthony Ramine Date: Mon, 16 Apr 2018 16:22:42 +0200 Subject: [PATCH 1/2] Check mode first in gl.drawElements --- .../script/dom/webglrenderingcontext.rs | 20 +++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/components/script/dom/webglrenderingcontext.rs b/components/script/dom/webglrenderingcontext.rs index 5deace85746..6529e94de6b 100644 --- a/components/script/dom/webglrenderingcontext.rs +++ b/components/script/dom/webglrenderingcontext.rs @@ -2143,6 +2143,14 @@ impl WebGLRenderingContextMethods for WebGLRenderingContext { // https://www.khronos.org/registry/webgl/specs/latest/1.0/#5.14.11 fn DrawElements(&self, mode: u32, count: i32, type_: u32, offset: i64) { + match mode { + constants::POINTS | constants::LINE_STRIP | + constants::LINE_LOOP | constants::LINES | + constants::TRIANGLE_STRIP | constants::TRIANGLE_FAN | + constants::TRIANGLES => {}, + _ => return self.webgl_error(InvalidEnum), + } + // From the GLES 2.0.25 spec, page 21: // // "type must be one of UNSIGNED_BYTE or UNSIGNED_SHORT" @@ -2194,16 +2202,8 @@ impl WebGLRenderingContextMethods for WebGLRenderingContext { return; } - match mode { - constants::POINTS | constants::LINE_STRIP | - constants::LINE_LOOP | constants::LINES | - constants::TRIANGLE_STRIP | constants::TRIANGLE_FAN | - constants::TRIANGLES => { - self.send_command(WebGLCommand::DrawElements(mode, count, type_, offset)); - self.mark_as_dirty(); - }, - _ => self.webgl_error(InvalidEnum), - } + self.send_command(WebGLCommand::DrawElements(mode, count, type_, offset)); + self.mark_as_dirty(); } // https://www.khronos.org/registry/webgl/specs/latest/1.0/#5.14.10 From d16a73001fa937734f4e96b693f9e36627f4ac38 Mon Sep 17 00:00:00 2001 From: Anthony Ramine Date: Mon, 16 Apr 2018 16:23:13 +0200 Subject: [PATCH 2/2] Check the bound buffer element array only for count > 0 in gl.drawElements See https://www.khronos.org/registry/webgl/specs/latest/1.0/#6.2 --- .../script/dom/webglrenderingcontext.rs | 24 ++++++++++--------- 1 file changed, 13 insertions(+), 11 deletions(-) diff --git a/components/script/dom/webglrenderingcontext.rs b/components/script/dom/webglrenderingcontext.rs index 6529e94de6b..ce09fda8943 100644 --- a/components/script/dom/webglrenderingcontext.rs +++ b/components/script/dom/webglrenderingcontext.rs @@ -2183,19 +2183,21 @@ impl WebGLRenderingContextMethods for WebGLRenderingContext { return self.webgl_error(InvalidOperation); } - if let Some(array_buffer) = self.bound_buffer_element_array.get() { - // WebGL Spec: check buffer overflows, must be a valid multiple of the size. - let val = offset as u64 + (count as u64 * type_size as u64); - if val > array_buffer.capacity() as u64 { + if count > 0 { + if let Some(array_buffer) = self.bound_buffer_element_array.get() { + // WebGL Spec: check buffer overflows, must be a valid multiple of the size. + let val = offset as u64 + (count as u64 * type_size as u64); + if val > array_buffer.capacity() as u64 { + return self.webgl_error(InvalidOperation); + } + } else { + // From the WebGL spec + // + // a non-null WebGLBuffer must be bound to the ELEMENT_ARRAY_BUFFER binding point + // or an INVALID_OPERATION error will be generated. + // return self.webgl_error(InvalidOperation); } - } else { - // From the WebGL spec - // - // a non-null WebGLBuffer must be bound to the ELEMENT_ARRAY_BUFFER binding point - // or an INVALID_OPERATION error will be generated. - // - return self.webgl_error(InvalidOperation); } if !self.validate_framebuffer_complete() {