Luke Wilde 454bf0b7cd LibWeb/WebGL: Use robust versions of API calls provided by ANGLE ... The primary purpose of these is to add bounds checking to older OpenGL API calls that take arbitrarily sized buffers, but don't know the size of the buffer and thus rely on the application being certain the buffer is large enough. Since these API calls are exposed to arbitrary JS which can make arbitrarily sized buffers, it is not safe to use the non-robust variants, as we cannot know the size of the buffer ahead of time, nor the amount of data required by the API call. The robust variants provided by ANGLE adds a buffer size parameter, where it'll calculate the amount of data it needs for that API call for us and return an error if it's bigger than the given buffer size. Credit to https://github.com/s41nt0l3xus for finding this during a CTF and providing a write up that exploits this. See: 92efbaed6c/gpnctf-2025/WebGL-bird		2025-06-30 11:54:23 -06:00
..
IPCCompiler	Meta: Enforce newlines around namespaces	2025-05-14 02:01:59 -06:00
LibWeb	LibWeb/WebGL: Use robust versions of API calls provided by ANGLE	2025-06-30 11:54:23 -06:00
CMakeLists.txt	Meta: Rewrite GeneratePublicSuffixData in python	2025-06-30 14:03:55 +12:00