Bug 1625404 Comment 35 Edit History

The advisory isn't quite accurate, though this does get a little tricky to describe accurately:

> Uninitialized GPU memory is leaked and could be read following a call to WebGL's copyTexSubImage2D
> 
> When reading from out-of-bounds regions of a source resource with WebGL's <code>copyTexSubImage2D</code> method, the specification requires that the destination pixels that correspond to the out-of-bounds regions (of the source resource) are unchanged. When the previous contents of the destination resource were marked for lazy initialization, destination pixels that correspond to the out-of-bounds regions (of the source resource) were marked as initialized without being either written to or lazily clearing the previously-uninitialized contents to zero, leading to potentially sensitive data disclosure.

The advisory isn't quite accurate, though this does get a little tricky to describe accurately:

> Uninitialized GPU memory is leaked and could be read following a call to WebGL's copyTexSubImage2D
> 
> When reading from out-of-bounds regions of a source resource with WebGL's <code>copyTexSubImage2D</code> method, the specification requires that the destination pixels that correspond to the out-of-bounds regions (of the source resource) are left unchanged. When the previous contents of the destination resource were marked for lazy initialization, destination pixels that correspond to the out-of-bounds regions (of the source resource) were marked as initialized without being either written to or lazily clearing the previously-uninitialized contents to zero, leading to potentially sensitive data disclosure.

The advisory isn't quite accurate, though this does get a little tricky to describe accurately:

> Uninitialized GPU memory is leaked and could be read following a call to WebGL's copyTexSubImage2D
> 
> When reading from out-of-bounds regions of a source resource with WebGL's <code>copyTexSubImage2D</code> method, the specification requires that the destination pixels that correspond to the out-of-bounds regions (of the source resource) are left unchanged. When the contents of the destination resource were marked for lazy initialization, destination pixels that correspond to the out-of-bounds regions (of the source resource) were marked as initialized without being either written to or lazily clearing the previously-uninitialized contents to zero, leading to potentially sensitive data disclosure.

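The interaction described in the comment above, as an added example that is not part of the bug or of Firefox's code: a simplified model of a lazily initialized destination texture receiving a copy whose source rectangle is partly out of bounds, in a flawed and a hardened form. All names (`makeTexture`, `readBack`, `modelCopy`, `demo`) are hypothetical, the `STALE` byte is a constructed stand-in for leftover GPU memory, and the model assumes the copy rectangle covers the whole destination.

```javascript
// Simplified model of the flaw, not Firefox's implementation.
// All names are hypothetical; STALE is a constructed stand-in for whatever
// a previous owner left in the GPU allocation.
const STALE = 0xaa;

function makeTexture(w, h) {
  return {
    w, h,
    pixels: new Uint8Array(w * h).fill(STALE), // backing store not yet cleared
    pendingLazyInit: true,                     // "marked for lazy initialization"
  };
}

// What script would observe on readback: a pending clear is applied first.
function readBack(tex) {
  if (tex.pendingLazyInit) {
    tex.pixels.fill(0);
    tex.pendingLazyInit = false;
  }
  return Array.from(tex.pixels);
}

// Copy a dst.w x dst.h rectangle from src, starting at (x, y), over all of dst.
// Source coordinates outside src are out of bounds and must not write to dst.
function modelCopy(dst, src, x, y, hardened) {
  if (dst.pendingLazyInit) {
    // Hardened: skipped pixels must read as zero, so clear before copying.
    // Flawed: the flag is dropped with no clear.
    if (hardened) dst.pixels.fill(0);
    dst.pendingLazyInit = false;
  }
  for (let j = 0; j < dst.h; j++) {
    for (let i = 0; i < dst.w; i++) {
      const sx = x + i, sy = y + j;
      const inBounds = sx >= 0 && sx < src.w && sy >= 0 && sy < src.h;
      if (inBounds) dst.pixels[j * dst.w + i] = src.pixels[sy * src.w + sx];
      // Out of bounds: the destination pixel is left unchanged, per the spec.
    }
  }
  return readBack(dst);
}

// Constructed 2x2 source holding 1..4; the copy starts one column to the right.
function demo(hardened) {
  const src = { w: 2, h: 2, pixels: Uint8Array.from([1, 2, 3, 4]) };
  return modelCopy(makeTexture(2, 2), src, 1, 0, hardened);
}
```

In the flawed path the second column of the destination reads back as the stale byte; in the hardened path it reads back as zero.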