Closed Bug 963839 Opened 12 years ago Closed 6 years ago

Requesting a WebGL canvas of above a certain size causes hardcrash

Categories

(Core :: Graphics: CanvasWebGL, defect, P2)

Product:
Core
Component:
Graphics: CanvasWebGL
Platform:
All
macOS
Type:
defect

Tracking

()

Status:
RESOLVED WORKSFORME

People

(Reporter: jgilbert, Assigned: jgilbert)

Details

(Keywords: sec-vector)

Attachments

(2 files)

patch: Add hidden prefs for testing size limits
1.88 KB, patch
bjacob
: review-
Details | Diff | Splinter Review
patch: Add limits for Mac+ATI and include test pages to facilitate future similar testing
10.66 KB, patch
Details | Diff | Splinter Review
While working on bug 847714, I found that I could hardcrash my mac with very large resize requests. Root-causing this seems to show a crash when we request a WebGL canvas of size 14186^2 or larger. Further fidgeting shows that it seems to be a max pixel count, as 14000x14200 or similar works. MAX_TEXTURE_SIZE on this machine is 16384 by default. We should reduce this such that we don't get this issue.
Notably, 100 repeated resizes between 14185 and 14184 exhibits no bad behavior.
At some point, Chrome limited drawingbuffer dimensions to 4096. Maybe we should check that they are still doing it, and if so, do the same.
Comment on attachment 8365399 [details] [diff] [review] patch: Add hidden prefs for testing size limits Review of attachment 8365399 [details] [diff] [review]: ----------------------------------------------------------------- ::: gfx/gl/GLContext.cpp @@ +1085,5 @@ > > + if (DebugMode()) { > + uint32_t maxTexSize = Preferences::GetUint("gl.max-tex-size" , (uint32_t)0); > + uint32_t maxRBSize = Preferences::GetUint("gl.max-rb-size" , (uint32_t)0); > + uint32_t maxCubeSize = Preferences::GetUint("gl.max-cube-size", (uint32_t)0); Unfortunately, it is "illegal" to call the Preferences API off the main thread. You would have to move this to gfxPlatform, or convince people maintaining the preferences API to change their mind. (I am almost tempted to disregard this as this is just a debugging helper, but I'll try not to be too naughty this time. I feel sorry to r- a patch and be requesting it to be made less good instead).
Attachment #8365399 - Flags: review?(bjacob) → review-
Comment on attachment 8365400 [details] [diff] [review] patch: Add limits for Mac+ATI and include test pages to facilitate future similar testing Review of attachment 8365400 [details] [diff] [review]: ----------------------------------------------------------------- This patch depends on the previous one, so we need to clear the situation there first.
Attachment #8365400 - Flags: review?(bjacob)
If this is older than trunk, we need a security rating for this and the bug should go through the sec-approval process to checkin. https://wiki.mozilla.org/Security/Bug_Approval_Process
Keywords: sec-vector
Jeff: are we still planning on patching this?
Flags: needinfo?(jgilbert)
Group: core-security → gfx-core-security

My late-2013 15" MBP on NV dGPU seems to handle creating a webgl context for 15000x15000 ok, but I don't have an AMD GPU machine right now. I'll find one.

I suspect this will be WFM, though.

Flags: needinfo?(jgilbert)
Priority: -- → P2

kamidphish tested on AMD and it seems fine, so closing.

Status: NEW → RESOLVED
Closed: 6 years ago
Resolution: --- → WORKSFORME
Group: gfx-core-security
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: