author | Geoff Lang <geofflang@google.com> | 2022-06-01 11:22:42 -0400 |
---|---|---|
committer | Michael Brüning <michael.bruning@qt.io> | 2022-06-16 19:53:22 +0000 |
commit | f5bab85d334114170c3c65e97d7517f25e7f3c5a (patch) | |
tree | 0361325b1d8355e6c2c8cc5917f5761f4d7093c1 | |
parent | af3e1da0322c50415e7a0f9fe36066ef3f52d692 (diff) | |
download | qtwebengine-chromium-f5bab85d334114170c3c65e97d7517f25e7f3c5a.tar.gz |
[Backport] Security bug 1316578
Manual cherry-pick of patch originally reviewed on
https://chromium-review.googlesource.com/c/angle/angle/+/3683869:
Ignore eglBind/ReleaseTexImage calls for lost contexts.
eglBindTexImage and eglReleaseTexImage no-op when no context is
current. Extend this to lost contexts to match the behaviour of making
a GL call on a lost context.
This avoids potential unexpected bad accesses in the backends.
Bug: chromium:1316578
Change-Id: I7b309c297e0c803019720733dee2950abb4c4b5f
Reviewed-by: Jamie Madill <jmadill@chromium.org>
Reviewed-by: Alexis Hétu <sugoi@google.com>
Reviewed-by: Alexis Hétu <sugoi@chromium.org>
Commit-Queue: Geoff Lang <geofflang@chromium.org>
Reviewed-by: Michal Klocek <michal.klocek@qt.io>
-rw-r--r-- | chromium/third_party/angle/src/libANGLE/validationEGL.cpp | 2 | ||||
-rw-r--r-- | chromium/third_party/angle/src/libGLESv2/egl_stubs.cpp | 19 |
2 files changed, 12 insertions, 9 deletions
diff --git a/chromium/third_party/angle/src/libANGLE/validationEGL.cpp b/chromium/third_party/angle/src/libANGLE/validationEGL.cpp
index 4e6bbb7ed6b..66beff32a8f 100644
--- a/chromium/third_party/angle/src/libANGLE/validationEGL.cpp
+++ b/chromium/third_party/angle/src/libANGLE/validationEGL.cpp
@@ -4582,7 +4582,7 @@ bool ValidateBindTexImage(const ValidationContext *val,
 }
 gl::Context *context = val->eglThread->getContext();
- if (context)
+ if (context && !context->isContextLost())
 {
 gl::TextureType type = egl_gl::EGLTextureTargetToTextureType(surface->getTextureTarget());
 gl::Texture *textureObject = context->getTextureByType(type);
diff --git a/chromium/third_party/angle/src/libGLESv2/egl_stubs.cpp b/chromium/third_party/angle/src/libGLESv2/egl_stubs.cpp
index bb287415241..0fbdcdf4a77 100644
--- a/chromium/third_party/angle/src/libGLESv2/egl_stubs.cpp
+++ b/chromium/third_party/angle/src/libGLESv2/egl_stubs.cpp
@@ -61,7 +61,7 @@ EGLBoolean BindTexImage(Thread *thread, Display *display, Surface *eglSurface, E
 GetDisplayIfValid(display), EGL_FALSE);
 gl::Context *context = thread->getContext();
- if (context)
+ if (context && !context->isContextLost())
 {
 gl::TextureType type = egl_gl::EGLTextureTargetToTextureType(eglSurface->getTextureTarget());
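Review bot: In ValidateBindTexImage (validationEGL.cpp) the texture checks are now skipped for a lost context, which is only safe while the entry point skips the bind under exactly the same condition; the expression `context && !context->isContextLost()` is repeated in BindTexImage and ReleaseTexImage in egl_stubs.cpp with nothing tying the three sites together. If one of them drifts, the backend could be handed a texture that validation never looked at. A short comment at each site, for example `// Keep in sync with BindTexImage in egl_stubs.cpp: validation is skipped only when the call is a no-op.`, or a small shared predicate, would make the coupling explicit. The function begins and ends outside the hunk.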
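Review bot: The skipped branch in BindTexImage (egl_stubs.cpp) carries no comment saying that the call reports success without binding anything, and the return path lies outside the hunk, so it cannot be checked from here. I would add above the condition `// No current context, or context lost: succeed without touching the texture, as a GL call on a lost context would.` The diffstat lists only the two source files, so a regression test that calls eglBindTexImage and eglReleaseTexImage after context loss would have to come from elsewhere in the tree; it is worth confirming that one exists for this backport.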
@@ -565,15 +565,18 @@ EGLBoolean ReleaseTexImage(Thread *thread, Display *display, Surface *eglSurface
 {
 ANGLE_EGL_TRY_RETURN(thread, display->prepareForCall(), "eglReleaseTexImage", GetDisplayIfValid(display), EGL_FALSE);
- gl::Texture *texture = eglSurface->getBoundTexture();
-
- if (texture)
+ gl::Context *context = thread->getContext();
+ if (context && !context->isContextLost())
 {
- ANGLE_EGL_TRY_RETURN(thread, eglSurface->releaseTexImage(thread->getContext(), buffer),
- "eglReleaseTexImage", GetSurfaceIfValid(display, eglSurface),
- EGL_FALSE);
- }
+ gl::Texture *texture = eglSurface->getBoundTexture();
+ if (texture)
+ {
+ ANGLE_EGL_TRY_RETURN(thread, eglSurface->releaseTexImage(thread->getContext(), buffer),
+ "eglReleaseTexImage", GetSurfaceIfValid(display, eglSurface),
+ EGL_FALSE);
+ }
+ }
 thread->setSuccess();
 return EGL_TRUE;
 } |
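Review bot: The new guard in ReleaseTexImage also changes the no-current-context case, which the commit message describes as already being a no-op: the removed lines called `eglSurface->releaseTexImage(thread->getContext(), buffer)` whenever the surface had a bound texture, with no check on the context at all. After this change a surface can keep its bound texture when the release arrives with no context or a lost one, so it is worth confirming that surface and texture teardown cope with a binding that was never released, and covering that path with a test. Separately, the inner call can use the local that was just checked, `eglSurface->releaseTexImage(context, buffer)`, rather than calling `thread->getContext()` a second time.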