[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Public WebGL] WebGL Shader Validation



So a simple XSS exploit on a high volume site could potentially leave millions of machines frozen displaying some possibly extremely unsavory message? The targeted site doesn't have to have anything to do with displaying 3D content.

Its not clear whether a GPU response timeout should be part of the spec. but without it a WebGL enabled browser exposes one hell of a vulnerability which the opponents of WebGL, for example those in Redmond, will, in turn, do their best to exploit for their own nefarious purposes.

Regards

Alan




On 06/16/2010 05:18 PM, Gregg Tavares wrote:
What's the definition of "crash"?

There are lots of shaders that will effectively freeze OSX for long enough that it will appear as though the entire system is frozen. The system is waiting for the GPU to finish and if that takes 30 minutes then the system will wait 30 minutes. Don't know about the infinite loop case

Window7 will do a hard reset of the GPU after a few seconds so the user gets his machine back.

I'm personally hoping Apple will add similar behavior to OSX and iOS.

-g


On Wed, Jun 16, 2010 at 5:04 PM, Paul Sawaya <psawaya@apple.com> wrote:
Hi,

What is the current state of WebGL shader validation?

I'm curious, since shader containing a trivial infinite loop (while (true) {} ) crashes my entire system in the latest Safari. Google's ANGLE verifies this shader without a problem, and leaves the loop intact.

Thanks
Paul
-----------------------------------------------------------
You are currently subscribed to public_webgl@khronos.org.
To unsubscribe, send an email to majordomo@khronos.org with
the following command in the body of your email:


!DSPAM:4c196be2212643966023671!