Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Fix bounds check in Queue::writeBuffer when buffer has been destroyed
https://bugs.webkit.org/show_bug.cgi?id=270538 rdar://123811082 Reviewed by Mike Wyrzykowski. Buffer::destroy updates m_buffer but didn't update m_size, and it shouldn't update the size as seen by the JS API. Instead of updating it, I derive the size from m_buffer and replace size() with currentSize() and initialSize() I also add a null check to avoid writing to a buffer that is null. * LayoutTests/fast/webgpu/write-to-destroyed-buffer-expected.txt: Added. * LayoutTests/fast/webgpu/write-to-destroyed-buffer.html: Added. * Source/WebGPU/WebGPU/Buffer.h: (WebGPU::Buffer::create): * Source/WebGPU/WebGPU/Buffer.mm: (WebGPU::Device::createBuffer): (WebGPU::Buffer::Buffer): (WebGPU::Buffer::getMappedRange): (WebGPU::Buffer::errorValidatingMapAsync const): (WebGPU::Buffer::mapAsync): (WebGPU::Buffer::size const): * Source/WebGPU/WebGPU/Queue.mm: (WebGPU::Queue::validateWriteBuffer const): Canonical link: https://commits.webkit.org/275756@main
- Loading branch information