From 0c250ea50b94b68549ce4555bea7f9cdf6f6e69f Mon Sep 17 00:00:00 2001
From: Jamie Madill <jmadill@chromium.org>
Date: Thu, 20 May 2021 12:22:46 -0400
Subject: [Backport] CVE-2021-30547: Out of bounds write in ANGLE

Cherry-pick of patch originally reviewed on
https://chromium-review.googlesource.com/c/angle/angle/+/2911032:
D3D11: Fix respecifying 3D textures.

The missing check for the "Depth" dimension could lead to a bug
where we would not recreate a texture when the dimension changed.

Bug: chromium:1210414
Change-Id: Id59097ad14ae77ff80d27081f61786dad17a77ea
Reviewed-by: Geoff Lang <geofflang@chromium.org>
Commit-Queue: Jamie Madill <jmadill@chromium.org>
Reviewed-by: Michal Klocek <michal.klocek@qt.io>
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
---
 .../third_party/angle/src/libANGLE/renderer/d3d/d3d11/Image11.cpp     | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/chromium/third_party/angle/src/libANGLE/renderer/d3d/d3d11/Image11.cpp b/chromium/third_party/angle/src/libANGLE/renderer/d3d/d3d11/Image11.cpp
index 9f742606c40..806037d34b8 100644
--- a/chromium/third_party/angle/src/libANGLE/renderer/d3d/d3d11/Image11.cpp
+++ b/chromium/third_party/angle/src/libANGLE/renderer/d3d/d3d11/Image11.cpp
@@ -233,8 +233,8 @@ bool Image11::redefine(gl::TextureType type,
                        const gl::Extents &size,
                        bool forceRelease)
 {
-    if (mWidth != size.width || mHeight != size.height || mInternalFormat != internalformat ||
-        forceRelease)
+    if (mWidth != size.width || mHeight != size.height || mDepth != size.depth ||
+        mInternalFormat != internalformat || forceRelease)
     {
         // End the association with the TextureStorage, since that data will be out of date.
         // Also reset mRecoveredFromStorageCount since this Image is getting completely redefined.
-- 
cgit v1.2.3