Closed
Bug 894007
Opened 11 years ago
Closed 11 years ago
WebGL regression on conformance test 1.0.2
Categories
(Core :: Graphics: CanvasWebGL, defect)
Tracking
()
VERIFIED
FIXED
mozilla25
People
(Reporter: guillaume.abadie, Assigned: guillaume.abadie)
References
Details
Attachments
(2 files, 3 obsolete files)
2.22 KB,
patch
|
jgilbert
:
review+
|
Details | Diff | Splinter Review |
2.22 KB,
patch
|
bajaj
:
approval-mozilla-aurora+
|
Details | Diff | Splinter Review |
This WebGL conformance test 1.0.2 fail https://www.khronos.org/registry/webgl/conformance-suites/1.0.2/conformance/limits/gl-max-texture-dimensions.html because GLContext::GetIntegerv can return a non power of two value for MAX_TEXTURE_SIZE.
Assignee | ||
Updated•11 years ago
|
Assignee: nobody → gabadie
Blocks: CVE-2013-1729
Comment 1•11 years ago
|
||
Neat. When you have a fix, please make a PR for the webgl github repo.
Assignee | ||
Comment 2•11 years ago
|
||
Attachment #776062 -
Flags: review?(jgilbert)
Comment 3•11 years ago
|
||
Comment on attachment 776062 [details] [diff] [review]
patch revision 1
Review of attachment 776062 [details] [diff] [review]:
-----------------------------------------------------------------
::: content/canvas/src/WebGLContextValidate.cpp
@@ +873,5 @@
> }
>
> +static int32_t nearestPowerOfTwo(int32_t x)
> +{
> + return int32_t(pow(2.0, floor(log(double(x))/log(2.0))));
Correct in theory, but I'd rather have an int-only solution to this.
Evidently this is Coming Soon(tm) to mfbt/MathAlgo.h, but let's not hold ourselves back on that. Just steal the POT func from gfxUtils for now, which is int-only.
@@ +966,5 @@
>
> + mGLMaxTextureSize = nearestPowerOfTwo(mGLMaxTextureSize);
> + mGLMaxRenderbufferSize = nearestPowerOfTwo(mGLMaxRenderbufferSize);
> + mGLMaxViewportDims[0] = std::min(mGLMaxViewportDims[0], std::max(mGLMaxTextureSize, mGLMaxRenderbufferSize));
> + mGLMaxViewportDims[1] = std::min(mGLMaxViewportDims[1], std::max(mGLMaxTextureSize, mGLMaxRenderbufferSize));
I don't think we should have this limitation. MAX_VIEWPORT_DIMS is a hard limit on the size of the viewport, whereas MAX_TEXTURE_SIZE is a softer limit, and strictly-speaking only gives a hint about the largest square texture that the driver is willing to handle. (under my latest reading of the spec, at least)
Attachment #776062 -
Flags: review?(jgilbert) → review-
Assignee | ||
Comment 4•11 years ago
|
||
(In reply to Jeff Gilbert [:jgilbert] from comment #3)
> Comment on attachment 776062 [details] [diff] [review]
> patch revision 1
>
> Review of attachment 776062 [details] [diff] [review]:
> -----------------------------------------------------------------
>
> ::: content/canvas/src/WebGLContextValidate.cpp
> @@ +873,5 @@
> > }
> >
> > +static int32_t nearestPowerOfTwo(int32_t x)
> > +{
> > + return int32_t(pow(2.0, floor(log(double(x))/log(2.0))));
>
> Correct in theory, but I'd rather have an int-only solution to this.
> Evidently this is Coming Soon(tm) to mfbt/MathAlgo.h, but let's not hold
> ourselves back on that. Just steal the POT func from gfxUtils for now, which
> is int-only.
Noted
>
> @@ +966,5 @@
> >
> > + mGLMaxTextureSize = nearestPowerOfTwo(mGLMaxTextureSize);
> > + mGLMaxRenderbufferSize = nearestPowerOfTwo(mGLMaxRenderbufferSize);
> > + mGLMaxViewportDims[0] = std::min(mGLMaxViewportDims[0], std::max(mGLMaxTextureSize, mGLMaxRenderbufferSize));
> > + mGLMaxViewportDims[1] = std::min(mGLMaxViewportDims[1], std::max(mGLMaxTextureSize, mGLMaxRenderbufferSize));
>
> I don't think we should have this limitation. MAX_VIEWPORT_DIMS is a hard
> limit on the size of the viewport, whereas MAX_TEXTURE_SIZE is a softer
> limit, and strictly-speaking only gives a hint about the largest square
> texture that the driver is willing to handle. (under my latest reading of
> the spec, at least)
I disagree.
Assuming MAX = max(MAX_TEXTURE_SIZE, NAX_RENDERBUFFER_SIZE) : The assertion MAX_VIEWPORT_DIMS <= MAX is not a limitation, because :
- if MAX_VIEWPORT_DIMS > MAX, therefore we can set a gl.viewport(0, 0, MAX, MAX) a draw once the entire frame. A even bigger viewport would be useless because it would be bigger than the rendering size, therefore samples outside the framebuffer/texture would be just ignored.
- if MAX_VIEWPORT_DIMS == MAX, therefore we can also set a gl.viewport(0, 0, MAX, MAX) a draw once the entire frame. No limitation
- if MAX_VIEWPORT_DIMS < MAX, therefore we can't set a gl.viewport(0, 0, MAX, MAX) and need to draw by several pass because of the driver limitation.
Therefore this assertion doesn't bring any limitations.
Comment 5•11 years ago
|
||
Guillaume, Jeff, remind me why trunk and aurora don't fail this test with a non-power-of-two max on OSX?
Flags: needinfo?(jgilbert)
Flags: needinfo?(gabadie)
Comment 6•11 years ago
|
||
(In reply to Guillaume Abadie from comment #4)
> I disagree.
> Assuming MAX = max(MAX_TEXTURE_SIZE, NAX_RENDERBUFFER_SIZE) : The assertion
> MAX_VIEWPORT_DIMS <= MAX is not a limitation, because :
> - if MAX_VIEWPORT_DIMS > MAX, therefore we can set a gl.viewport(0, 0, MAX,
> MAX) a draw once the entire frame. A even bigger viewport would be useless
> because it would be bigger than the rendering size, therefore samples
> outside the framebuffer/texture would be just ignored.
> - if MAX_VIEWPORT_DIMS == MAX, therefore we can also set a gl.viewport(0,
> 0, MAX, MAX) a draw once the entire frame. No limitation
> - if MAX_VIEWPORT_DIMS < MAX, therefore we can't set a gl.viewport(0, 0,
> MAX, MAX) and need to draw by several pass because of the driver limitation.
> Therefore this assertion doesn't bring any limitations.
My current reading of the spec is that MAX_TEXTURE_SIZE is only the largest size the driver guarantees that it won't emit INVALID_VALUE for, not the largest size that it will allow. Thus, with a 4k MAX_TEXTURE_SIZE, we might still succeed at allocation an 8k*1k texture, though it's not guaranteed. If we're given an 8k*1k texture, we'd want MAX_VIEWPORT_DIMS to at least support an 8k horizontal. Capping MAX_VIEWPORT_DIMS to MAX_TEXTURE_SIZE would disallow this.
Flags: needinfo?(jgilbert)
Comment 7•11 years ago
|
||
(In reply to Milan Sreckovic [:milan] from comment #5)
> Guillaume, Jeff, remind me why trunk and aurora don't fail this test with a
> non-power-of-two max on OSX?
We use the 1.0.1 conformance suite on all branches so far.
Comment 8•11 years ago
|
||
Hmm. Trying to figure out how 8k-1 max landed fine on central and aurora, but got bounced out of beta with the not-power-of-two error...
Comment 9•11 years ago
|
||
Doing a quick diff between beta's and central's version of content/canvas/test/webgl/test_webgl_conformance_test_suite.html shows significant differences between the two.
Comment 10•11 years ago
|
||
This test is blocking the uplift of the work in bug 879656 to FF23. We're already going to build with our first beta of the week today, our second-to-last Beta is going to build on Thursday - what is the status here and will this be ready in the next couple of days?
status-firefox23:
--- → affected
tracking-firefox23:
--- → +
Comment 11•11 years ago
|
||
(In reply to lsblakk@mozilla.com [:lsblakk] from comment #10)
> This test is blocking the uplift of the work in bug 879656 to FF23. We're
> already going to build with our first beta of the week today, our
> second-to-last Beta is going to build on Thursday - what is the status here
> and will this be ready in the next couple of days?
Yes, the fix for that bug no longer requires this bug.
Assignee | ||
Comment 12•11 years ago
|
||
We still have to decide if we are keeping or not the assertion MAX_VIEWPORT_DIMS <= MAX_TEXTURE_SIZE
Flags: needinfo?(gabadie)
Assignee | ||
Comment 14•11 years ago
|
||
After discussion on the public webgl mailing list, here is the patch.
https://tbpl.mozilla.org/?tree=Try&rev=57561ca03e38
Attachment #776062 -
Attachment is obsolete: true
Attachment #782655 -
Flags: review?(jgilbert)
Comment 15•11 years ago
|
||
Comment on attachment 782655 [details] [diff] [review]
patch revision 2
Review of attachment 782655 [details] [diff] [review]:
-----------------------------------------------------------------
::: content/canvas/src/WebGLContextValidate.cpp
@@ +888,5 @@
> + x |= (x >> 2);
> + x |= (x >> 4);
> + x |= (x >> 8);
> + x |= (x >> 16);
> + return (x + 1) / 2;
This is far more tricky than we need. Can we just use a while loop instead?
Assignee | ||
Comment 16•11 years ago
|
||
I feel so sad to let this that way, but here is :
Attachment #782655 -
Attachment is obsolete: true
Attachment #782655 -
Flags: review?(jgilbert)
Attachment #782768 -
Flags: review?(jgilbert)
Comment 17•11 years ago
|
||
Comment on attachment 782768 [details] [diff] [review]
patch revision 3
Review of attachment 782768 [details] [diff] [review]:
-----------------------------------------------------------------
::: content/canvas/src/WebGLContextValidate.cpp
@@ +885,5 @@
> +{
> + MOZ_ASSERT(x > 0);
> + int32_t POT = 1;
> + while (POT * 2 <= x) {
> + POT *= 2;
This looks like it will break for x=INT_MAX, or more generally, and x>=0x40000000.
Attachment #782768 -
Flags: review?(jgilbert) → review-
Assignee | ||
Comment 18•11 years ago
|
||
Oups I coded to fast. Still thinking that my first solution was the best, but here is the patch :
Attachment #782768 -
Attachment is obsolete: true
Attachment #782875 -
Flags: review?(jgilbert)
Comment 19•11 years ago
|
||
Comment on attachment 782875 [details] [diff] [review]
patch revision 4
Review of attachment 782875 [details] [diff] [review]:
-----------------------------------------------------------------
R+, but I think it's cleaner as:
while (pot < 0x40000000) {
if (x < pot*2)
break;
pot *= 2;
}
(breaking up the conditionals, since they have different purposes)
Attachment #782875 -
Flags: review?(jgilbert) → review+
Assignee | ||
Comment 20•11 years ago
|
||
Target Milestone: --- → mozilla25
Comment 21•11 years ago
|
||
Status: NEW → RESOLVED
Closed: 11 years ago
Resolution: --- → FIXED
Updated•11 years ago
|
status-b2g18:
--- → unaffected
status-firefox24:
--- → affected
status-firefox25:
--- → fixed
status-firefox-esr17:
--- → affected
Comment 22•11 years ago
|
||
Were you going to request approval to uplift this to Fx24/esr17?
Flags: needinfo?(gabadie)
Assignee | ||
Comment 23•11 years ago
|
||
[Approval Request Comment]
Bug caused by (feature/regressing bug #): security bug 879656
User impact if declined: WebGL MAX_TEXTURE_SIZE must be a power of two
Testing completed (on m-c, etc.): Landed (revision dda34262d3b8)
Risk to taking this patch (and alternatives if risky): Low.
String or IDL/UUID changes made by this patch: No.
Attachment #784601 -
Flags: approval-mozilla-aurora?
Flags: needinfo?(gabadie)
Updated•11 years ago
|
Attachment #784601 -
Flags: approval-mozilla-aurora? → approval-mozilla-aurora+
Assignee | ||
Comment 24•11 years ago
|
||
Assignee | ||
Updated•11 years ago
|
Comment 25•11 years ago
|
||
(In reply to Ryan VanderMeulen [:RyanVM UTC-4] from comment #22)
> Were you going to request approval to uplift this to Fx24/esr17?
esr17?
Assignee | ||
Comment 26•11 years ago
|
||
(In reply to Ryan VanderMeulen [:RyanVM UTC-4] from comment #25)
> (In reply to Ryan VanderMeulen [:RyanVM UTC-4] from comment #22)
> > Were you going to request approval to uplift this to Fx24/esr17?
>
> esr17?
Oups sorry... I have forgotten to say that I tried to apply the patch on esr17, but the WebGL code is old. It can't be applied. Even we would like to apply it, we would have to changes to many things.
Comment 27•11 years ago
|
||
It will be in ESR24, so wontfixing for ESR17 - it doesn't meet the branch landing criteria anyway.
Comment 28•11 years ago
|
||
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:24.0) Gecko/20100101 Firefox/24.0
Verified fixed on Firefox 24 beta 10 (buildID: 20130909203154) and latest Nightly (buildID: 20130909030204).
Comment 30•11 years ago
|
||
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:25.0) Gecko/20100101 Firefox/25.0
Also verified fixed on Firefox 25.0a2 (buildID: 20130910004002).
Status: RESOLVED → VERIFIED
You need to log in
before you can comment on or make changes to this bug.
Description
•