Magic-Mirror/gecko-dev
1
0
Fork 0
mirror of https://github.com/mozilla/gecko-dev.git synced 2024-10-10 11:55:49 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Bug 911851 - Check WebGL sizeiptr arguments - r=jgilbert

Browse Source
This commit is contained in:
Benoit Jacob 2013-09-04 08:14:39 -04:00
parent 6c5bf3a9b1
commit 3b4ac1f606
1 changed files with 12 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
content/canvas/src/WebGLContextBuffers.cpp
View File

@ -152,6 +152,10 @@ WebGLContext::BufferData(WebGLenum target, WebGLsizeiptr size,
if (!ValidateBufferUsageEnum(usage, "bufferData: usage"))
return;
// careful: WebGLsizeiptr is always 64-bit, but GLsizeiptr is like intptr_t.
if (!CheckedInt<GLsizeiptr>(size).isValid())
return ErrorOutOfMemory("bufferData: bad size");
WebGLBuffer* boundBuffer = bufferSlot->get();
if (!boundBuffer)
@ -199,6 +203,10 @@ WebGLContext::BufferData(WebGLenum target,
const ArrayBuffer& data = maybeData.Value();
// careful: data.Length() could conceivably be any size_t, but GLsizeiptr is like intptr_t.
if (!CheckedInt<GLsizeiptr>(data.Length()).isValid())
return ErrorOutOfMemory("bufferData: bad size");
if (!ValidateBufferUsageEnum(usage, "bufferData: usage"))
return;
@ -244,6 +252,10 @@ WebGLContext::BufferData(WebGLenum target, const ArrayBufferView& data,
if (!boundBuffer)
return ErrorInvalidOperation("bufferData: no buffer bound!");
// careful: data.Length() could conceivably be any size_t, but GLsizeiptr is like intptr_t.
if (!CheckedInt<GLsizeiptr>(data.Length()).isValid())
return ErrorOutOfMemory("bufferData: bad size");
InvalidateBufferFetching();
MakeContextCurrent();