Bug 966630 - Clamp level to TexImage operations to [0..31]. r=jgilbert, a=1.3+
authorDan Glastonbury <dglastonbury@mozilla.com>
Mon, 14 Apr 2014 17:27:24 +1000
changeset 171289 6d9cfa6f24dd5d9d9e997d0d0b6cd71f59007e29
parent 171288 ab227cdd984c41e6063c2c7695ead5dab4c3c25d
child 171290 7c263121d3e0430ea276642c8295117ce3f623cb
push id367
push userryanvm@gmail.com
push dateWed, 16 Apr 2014 15:06:18 +0000
reviewersjgilbert, 1
bugs966630
milestone28.0
Bug 966630 - Clamp level to TexImage operations to [0..31]. r=jgilbert, a=1.3+
content/canvas/src/WebGLContextValidate.cpp
--- a/content/canvas/src/WebGLContextValidate.cpp
+++ b/content/canvas/src/WebGLContextValidate.cpp
@@ -439,16 +439,29 @@ bool WebGLContext::ValidateLevelWidthHei
 {
     GLsizei maxTextureSize = MaxTextureSizeForTarget(target);
 
     if (level < 0) {
         ErrorInvalidValue("%s: level must be >= 0", info);
         return false;
     }
 
+    /* Bug 966630: maxTextureSize >> level runs into "undefined"
+     * behaviour depending on ISA. For example, on Intel shifts
+     * amounts are mod 64 (in 64-bit mode on 64-bit dest) and mod 32
+     * otherwise. This means 16384 >> 0x10000001 == 8192 which isn't
+     * what would be expected. Make the required behaviour explicit by
+     * clamping to a shift of 31 bits if level is greater than that
+     * ammount. This will give 0 that if (!maxAllowedSize) is
+     * expecting.
+     */
+
+    if (level > 31)
+        level = 31;
+
     GLsizei maxAllowedSize = maxTextureSize >> level;
 
     if (!maxAllowedSize) {
         ErrorInvalidValue("%s: 2^level exceeds maximum texture size", info);
         return false;
     }
 
     if (width < 0 || height < 0) {