Bug 682335 - crash [@ WebGLContext::BufferSubData_array] - r=jrmuizel, a=clegnitto
authorBenoit Jacob <bjacob@mozilla.com>
Fri, 09 Sep 2011 18:00:20 -0400
changeset 73153 6464f5277ba619c1527b118560cce3099cc49c3d
parent 73144 12bfaef14a355628bc2a96982ec0b65f5f6ec713
child 73154 c792a27dae068129a09fc965f3ab2bc3c3d0591d
push id223
push userbjacob@mozilla.com
push dateWed, 14 Sep 2011 08:37:53 +0000
reviewersjrmuizel, clegnitto
bugs682335
milestone7.0
Bug 682335 - crash [@ WebGLContext::BufferSubData_array] - r=jrmuizel, a=clegnitto
content/canvas/src/WebGLContext.h
--- a/content/canvas/src/WebGLContext.h
+++ b/content/canvas/src/WebGLContext.h
@@ -751,37 +751,41 @@ public:
     void SetByteLength(GLuint byteLength) { mByteLength = byteLength; }
     void SetTarget(GLenum target) { mTarget = target; }
 
     // element array buffers are the only buffers for which we need to keep a copy of the data.
     // this method assumes that the byte length has previously been set by calling SetByteLength.
     PRBool CopyDataIfElementArray(const void* data) {
         if (mTarget == LOCAL_GL_ELEMENT_ARRAY_BUFFER) {
             mData = realloc(mData, mByteLength);
-            if (!mData)
+            if (!mData) {
+                mByteLength = 0;
                 return PR_FALSE;
+            }
             memcpy(mData, data, mByteLength);
         }
         return PR_TRUE;
     }
 
     // same comments as for CopyElementArrayData
     PRBool ZeroDataIfElementArray() {
         if (mTarget == LOCAL_GL_ELEMENT_ARRAY_BUFFER) {
             mData = realloc(mData, mByteLength);
-            if (!mData)
+            if (!mData) {
+                mByteLength = 0;
                 return PR_FALSE;
+            }
             memset(mData, 0, mByteLength);
         }
         return PR_TRUE;
     }
 
     // same comments as for CopyElementArrayData
     void CopySubDataIfElementArray(GLuint byteOffset, GLuint byteLength, const void* data) {
-        if (mTarget == LOCAL_GL_ELEMENT_ARRAY_BUFFER) {
+        if (mTarget == LOCAL_GL_ELEMENT_ARRAY_BUFFER && mByteLength) {
             memcpy((void*) (size_t(mData)+byteOffset), data, byteLength);
         }
     }
 
     // this method too is only for element array buffers. It returns the maximum value in the part of
     // the buffer starting at given offset, consisting of given count of elements. The type T is the type
     // to interprete the array elements as, must be GLushort or GLubyte.
     template<typename T>
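Review bot: In `CopySubDataIfElementArray` the added `&& mByteLength` test only stands in for "the shadow copy exists"; the `memcpy` still trusts `byteOffset` and `byteLength` completely, so whether it can write past the end of `mData` depends on every caller having validated the range. The callers are outside this hunk and may already do so, but the check is cheap to repeat here in an overflow-safe form: `if (mTarget == LOCAL_GL_ELEMENT_ARRAY_BUFFER && mData && byteOffset <= mByteLength && byteLength <= mByteLength - byteOffset) {`. Separately, in `CopyDataIfElementArray` and `ZeroDataIfElementArray` the `realloc` result is assigned straight to `mData`, so on the failure path this commit extends, the previous allocation is no longer reachable and is leaked. Holding the result in a temporary and calling `free(mData)` before clearing the pointer and the length would keep the failure state consistent without the leak.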