Bug 242788

Summary:	Don't nullify WebGLExtension::m_context on context loss.
Product:	WebKit	Reporter:	Dan Glastonbury <djg>
Component:	WebGL	Assignee:	Dan Glastonbury <djg>
Status:	RESOLVED FIXED
Severity:	Major	CC:	dino, kbr, kkinnunen, webkit-bug-importer
Priority:	P2	Keywords:	InRadar
Version:	WebKit Nightly Build
Hardware:	All
OS:	All

Dan Glastonbury

Reported 2022-07-14 21:36:58 PDT

WebGLExtension::loseParentContext() nulls m_context pointer. In the GPUP world, where any GL call can result in a context loss, this behaviour can lead to null pointer access at random places inside a WebGL extension object after the code has checked for a valid m_context pointer at function entry.

Attachments
Add attachment proposed patch, testcase, etc.

Dan Glastonbury

Comment 1 2022-07-14 21:37:40 PDT

rdar://95969241

Dan Glastonbury

Comment 2 2022-07-14 21:49:37 PDT

Pull request: https://github.com/WebKit/WebKit/pull/2442

EWS

Comment 3 2022-07-25 19:35:18 PDT

Committed 252810@main (554972c0f0a7): <https://commits.webkit.org/252810@main> Reviewed commits have been landed. Closing PR #2442 and removing active labels.

Note You need to log in before you can comment on or make changes to this bug.