webkit2gtk3/backport-CVE-2024-4558.patch

From 9d7ec80f78039e6646fcfc455ab4c05aa393f34c Mon Sep 17 00:00:00 2001
From: Kimmo Kinnunen <kkinnunen@apple.com>
Date: Tue, 14 May 2024 22:37:29 -0700
Subject: [PATCH] Cherry-pick ANGLE.
 https://bugs.webkit.org/show_bug.cgi?id=274165

https://bugs.webkit.org/show_bug.cgi?id=274165
rdar://127764804

Reviewed by Dan Glastonbury.

Cherry-pick ANGLE upstream commit 1bb1ee061fe0bce322fb93b447a72e72c993a1f2:

GL: Sync unpack state for glCompressedTexSubImage3D

Unpack state is supposed to be ignored for compressed tex image calls
but some drivers use it anyways and read incorrect data.

Texture3DTestES3.PixelUnpackStateTexSubImage covers this case.

Bug: chromium:337766133
Change-Id: Ic11a056113b1850bd5b4d6840527164a12849a22
Reviewed-on:https://chromium-review.googlesource.com/c/angle/angle/+/5498735
Commit-Queue: Shahbaz Youssefi <syoussefi@chromium.org>
Reviewed-by: Shahbaz Youssefi <syoussefi@chromium.org>
Canonical link: https://commits.webkit.org/274313.341@webkitglib/2.44

Reference:https://github.com/WebKit/WebKit/commit/9d7ec80f78039e6646fcfc455ab4c05aa393f34c
Conflict:StateManager->mStateManager,adapt context
---
 Source/ThirdParty/ANGLE/src/libANGLE/renderer/gl/TextureGL.cpp | 1 +
 1 file changed, 1 insertion(+)

diff --git a/Source/ThirdParty/ANGLE/src/libANGLE/renderer/gl/TextureGL.cpp b/Source/ThirdParty/ANGLE/src/libANGLE/renderer/gl/TextureGL.cpp
index 2ff6fbc..d0fea5d 100644
--- a/Source/ThirdParty/ANGLE/src/libANGLE/renderer/gl/TextureGL.cpp
+++ b/Source/ThirdParty/ANGLE/src/libANGLE/renderer/gl/TextureGL.cpp
@@ -530,6 +530,7 @@ gl::Error TextureGL::setCompressedSubImage(const gl::Context *context,
         nativegl::GetCompressedSubTexImageFormat(mFunctions, mWorkarounds, format);
 
     mStateManager->bindTexture(getTarget(), mTextureID);
+    ANGLE_TRY(mStateManager->setPixelUnpackState(context, unpack));
     if (UseTexImage2D(getTarget()))
     {
         ASSERT(area.z == 0 && area.depth == 1);
-- 
2.33.0