[Backport] CVE-2022-2008: Out of bounds memory access in WebGL

Manual cherry-pick of patch originally reviewed on
https://chromium-review.googlesource.com/c/angle/angle/+/3651153:
D3D: Fix race condition with parallel shader compile.

Bug: chromium:1317673
Change-Id: I0fb7c9a66248852e41e8700e80c295393ef941e8
Reviewed-by: Jie A Chen <jie.a.chen@intel.com>
Reviewed-by: Lingfeng Yang <lfy@google.com>
Commit-Queue: Jamie Madill <jmadill@chromium.org>
Reviewed-by: Michal Klocek <michal.klocek@qt.io>

1 files changed, 5 insertions, 6 deletions

diff --git a/chromium/third_party/angle/src/libANGLE/renderer/d3d/ProgramD3D.cpp b/chromium/third_party/angle/src/libANGLE/renderer/d3d/ProgramD3D.cpp
index b6dc0672678..eb8714503d4 100644
--- a/chromium/third_party/angle/src/libANGLE/renderer/d3d/ProgramD3D.cpp
+++ b/chromium/third_party/angle/src/libANGLE/renderer/d3d/ProgramD3D.cpp
@@ -1687,12 +1687,6 @@ class ProgramD3D::GetVertexExecutableTask : public ProgramD3D::GetExecutableTask
     angle::Result run() override
     {
         ANGLE_TRACE_EVENT0("gpu.angle", "ProgramD3D::GetVertexExecutableTask::run");
-        if (!mProgram->mState.getAttachedShader(gl::ShaderType::Vertex))
-        {
-            return angle::Result::Continue;
-        }
-
-        mProgram->updateCachedInputLayoutFromShader();
 
         ANGLE_TRY(mProgram->getVertexExecutableForCachedInputLayout(this, &mExecutable, &mInfoLog));
 
@@ -2147,6 +2141,11 @@ std::unique_ptr<LinkEvent> ProgramD3D::link(const gl::Context *context,
 
         linkResources(resources);
 
+        if (mState.getAttachedShader(gl::ShaderType::Vertex))
+        {
+            updateCachedInputLayoutFromShader();
+        }
+
         return compileProgramExecutables(context, infoLog);
     }
 }