Bug 1324727 - Check for invalid DOM upload format/type. - r=daoshengmu a=lizzard
authorJeff Gilbert <jgilbert@mozilla.com>
Tue, 20 Dec 2016 15:03:21 -0800
changeset 353245 873e56b03a26a6cbf373f006752ca3402f5cb9e9
parent 353244 d017df016ffdeb2392d517d44cd0eae1917c02cb
child 353246 774d2940581c4100d174185474c6950205e3f149
push id6795
push userjlund@mozilla.com
push dateMon, 23 Jan 2017 14:19:46 +0000
treeherdermozilla-esr52@76101b503191 [default view] [failures only]
reviewersdaoshengmu, lizzard
bugs1324727
milestone52.0a2
Bug 1324727 - Check for invalid DOM upload format/type. - r=daoshengmu a=lizzard MozReview-Commit-ID: 2uZi1ILyMIM
dom/canvas/TexUnpackBlob.cpp
--- a/dom/canvas/TexUnpackBlob.cpp
+++ b/dom/canvas/TexUnpackBlob.cpp
@@ -14,16 +14,75 @@
 #include "WebGLBuffer.h"
 #include "WebGLContext.h"
 #include "WebGLTexelConversions.h"
 #include "WebGLTexture.h"
 
 namespace mozilla {
 namespace webgl {
 
+static bool
+IsPIValidForDOM(const webgl::PackingInfo& pi)
+{
+    // https://www.khronos.org/registry/webgl/specs/latest/2.0/#TEXTURE_TYPES_FORMATS_FROM_DOM_ELEMENTS_TABLE
+
+    // Just check for invalid individual formats and types, not combinations.
+    switch (pi.format) {
+    case LOCAL_GL_RGB:
+    case LOCAL_GL_RGBA:
+    case LOCAL_GL_LUMINANCE_ALPHA:
+    case LOCAL_GL_LUMINANCE:
+    case LOCAL_GL_ALPHA:
+    case LOCAL_GL_RED:
+    case LOCAL_GL_RED_INTEGER:
+    case LOCAL_GL_RG:
+    case LOCAL_GL_RG_INTEGER:
+    case LOCAL_GL_RGB_INTEGER:
+    case LOCAL_GL_RGBA_INTEGER:
+        break;
+
+    case LOCAL_GL_SRGB:
+    case LOCAL_GL_SRGB_ALPHA:
+        // Allowed in WebGL1+EXT_srgb
+        break;
+
+    default:
+        return false;
+    }
+
+    switch (pi.type) {
+    case LOCAL_GL_UNSIGNED_BYTE:
+    case LOCAL_GL_UNSIGNED_SHORT_5_6_5:
+    case LOCAL_GL_UNSIGNED_SHORT_4_4_4_4:
+    case LOCAL_GL_UNSIGNED_SHORT_5_5_5_1:
+    case LOCAL_GL_HALF_FLOAT:
+    case LOCAL_GL_HALF_FLOAT_OES:
+    case LOCAL_GL_FLOAT:
+    case LOCAL_GL_UNSIGNED_INT_10F_11F_11F_REV:
+        break;
+
+    default:
+        return false;
+    }
+
+    return true;
+}
+
+static bool
+ValidatePIForDOM(WebGLContext* webgl, const char* funcName,
+                 const webgl::PackingInfo& pi)
+{
+    if (!IsPIValidForDOM(pi)) {
+        webgl->ErrorInvalidOperation("%s: Format or type is invalid for DOM sources.",
+                                     funcName);
+        return false;
+    }
+    return true;
+}
+
 static WebGLTexelFormat
 FormatForPackingInfo(const PackingInfo& pi)
 {
     switch (pi.type) {
     case LOCAL_GL_UNSIGNED_BYTE:
         switch (pi.format) {
         case LOCAL_GL_RED:
         case LOCAL_GL_LUMINANCE:
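Review bot: IsPIValidForDOM receives only the PackingInfo, so it accepts LOCAL_GL_SRGB/LOCAL_GL_SRGB_ALPHA, the *_INTEGER formats and LOCAL_GL_HALF_FLOAT_OES without knowing the WebGL version or whether EXT_srgb is enabled, and by its own comment it does not check format/type combinations. It is therefore a coarse default-deny filter rather than the full table in the linked spec section; the remaining checks presumably live in validation outside this hunk. I would state that at the top of the function, e.g. `// Coarse allowlist only: version/extension gating and format+type pairing are validated elsewhere.`, so a `true` result is not later treated as sufficient before `pi` is handed to FormatForPackingInfo. FormatForPackingInfo's body continues past the end of the hunk, so how it handles an unlisted pair is not visible here.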
@@ -506,16 +565,19 @@ TexUnpackImage::TexUnpackImage(const Web
 
 TexUnpackImage::~TexUnpackImage()
 { }
 
 bool
 TexUnpackImage::Validate(WebGLContext* webgl, const char* funcName,
                          const webgl::PackingInfo& pi)
 {
+    if (!ValidatePIForDOM(webgl, funcName, pi))
+        return false;
+
     const auto& fullRows = mImage->GetSize().height;
     return ValidateUnpackPixels(webgl, funcName, fullRows, 0, this);
 }
 
 bool
 TexUnpackImage::TexOrSubImage(bool isSubImage, bool needsRespec, const char* funcName,
                               WebGLTexture* tex, TexImageTarget target, GLint level,
                               const webgl::DriverUnpackInfo* dui, GLint xOffset,
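Review bot: The same two-line guard is pasted into TexUnpackImage::Validate here and into TexUnpackSurface::Validate in the next hunk, so the DOM-source restriction holds only while every DOM-backed unpack type remembers to call it. A short comment at each call site would record why the check comes first, e.g. `// Reject formats/types that are never valid for DOM sources before pi is used any further.`; whether any other DOM-backed blob type exists is not visible from these hunks. Both new `if` statements also omit braces, while the `if` added in ValidatePIForDOM uses them. Writing them as `if (!ValidatePIForDOM(webgl, funcName, pi)) { return false; }` keeps the early return attached to its condition if a line is inserted later.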
@@ -669,16 +731,19 @@ GetFormatForSurf(gfx::SourceSurface* sur
 }
 
 //////////
 
 bool
 TexUnpackSurface::Validate(WebGLContext* webgl, const char* funcName,
                            const webgl::PackingInfo& pi)
 {
+    if (!ValidatePIForDOM(webgl, funcName, pi))
+        return false;
+
     const auto& fullRows = mSurf->GetSize().height;
     return ValidateUnpackPixels(webgl, funcName, fullRows, 0, this);
 }
 
 bool
 TexUnpackSurface::TexOrSubImage(bool isSubImage, bool needsRespec, const char* funcName,
                                 WebGLTexture* tex, TexImageTarget target, GLint level,
                                 const webgl::DriverUnpackInfo* dstDUI, GLint xOffset,