OOM when specifying large `first` index for drawArrays
Categories
(Core :: Graphics: CanvasWebGL, defect, P1)
Tracking
()
| Tracking | Status | |
|---|---|---|
| firefox105 | --- | fixed |
People
(Reporter: jkratzer, Assigned: jgilbert)
Details
(Keywords: testcase, Whiteboard: [fuzzblocker])
Attachments
(4 files)
Firefox memory usage
When passing a large value to the drawArrays first parameter, an OOM occurs. Chrome does not appear to be affected by this issue.
This issue is currently blocking fuzzing. Is it possible to make this allocation fallible or first check if the value is sane before attempting to allocate such a large buffer?
|
Reporter | |
Comment 1•2 years ago
|
||
|
|
Reporter | |
Comment 2•2 years ago
|
||
|
||
Comment 3•2 years ago
|
||
The severity field is not set for this bug.
:aosmond, could you have a look please?
For more information, please visit auto_nag documentation.
|
Assignee | |
Comment 4•2 years ago
|
||
Ah, yeah, we're polyfilling no-attrib-arrays with attrib-arrays, and for correctness we can't naively just skip to first and only alloc count. (it gets particularly tricky once you add in instance divisor handling)
It would be reasonable to pick some upper bound like 10M verts (10M*4*4=160MB) and just claim OOM for more than that.
|
|
Assignee | |
Comment 5•2 years ago
|
||
Otherwise seemingly lightweight but unusual calls like
drawArrays(offset:1.5billion) will try to allocate a very large gpu
buffer, which sometimes takes a very long time.
This is unusual and we shouldn't encourage it, so let's just add a
limit. 10M is 160MB, which is generally big enough but not too big.
Pushed by jgilbert@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/d481929dba88 Add limit webgl.fake-verts.max=10M. r=gfx-reviewers,lsalzman
|
||
Comment 7•2 years ago
|
||
| bugherder | ||
|
||
Updated•1 year ago
|
Description
•