author Jamie Madill <jmadill@chromium.org> 2022-03-14 10:37:31 -0400
committer Michael Brüning <michael.bruning@qt.io> 2022-05-03 20:17:03 +0000
commit 0aa47bd2a81ddb206ac00bb48bc99d24bae89490 (patch)
tree 84b753d24803900896a7c347bad6f02dcc4e886f
parent 4faa15cf23bcee983a9a211ac12efee802f01315 (diff)
download qtwebengine-chromium-0aa47bd2a81ddb206ac00bb48bc99d24bae89490.tar.gz
[Backport] CVE-2022-1479: Use after free in ANGLE
Manual cherry-pick of patch originally reviewed on
https://chromium-review.googlesource.com/c/angle/angle/+/3522283:

Fix crash when pausing XFB then deleting a buffer.

Fix is to validate XFB buffer bindings even if we're paused.
This is undefined behaviour so we can use any non-crashing
solution.

Bug: chromium:1305190
Change-Id: Ib95404cdb13adbde7f34d6cc77473a8b3cbf1de7
Reviewed-by: Geoff Lang <geofflang@chromium.org>
Commit-Queue: Jamie Madill <jmadill@chromium.org>
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
-rw-r--r-- chromium/third_party/angle/src/libANGLE/validationES.cpp 2
1 files changed, 1 insertions, 1 deletions
diff --git a/chromium/third_party/angle/src/libANGLE/validationES.cpp b/chromium/third_party/angle/src/libANGLE/validationES.cpp
index 053b40ced2d..751d7e6553a 100644
--- a/chromium/third_party/angle/src/libANGLE/validationES.cpp
+++ b/chromium/third_party/angle/src/libANGLE/validationES.cpp
@@ -3851,7 +3851,7 @@ const char *ValidateDrawStates(const Context *context)
return kTessellationShaderRequiresBothControlAndEvaluation;
}
- if (state.isTransformFeedbackActiveUnpaused())
+ if (state.isTransformFeedbackActive())
{
if (!ValidateProgramExecutableXFBBuffersPresent(context, executable))
{
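Review bot: the new condition `if (state.isTransformFeedbackActive())` in ValidateDrawStates carries no comment saying that the paused case is included on purpose. The only difference from the old line is the dropped `Unpaused` suffix, so a later cleanup could restore it without noticing that it reopens the crash. A one-line comment above the check, stating that XFB buffer bindings are validated while paused because a bound buffer may have been deleted in the meantime (as the commit message describes), would make the intent durable. The diffstat also shows only validationES.cpp changed, so this backport ships without a regression test for the pause-then-delete-buffer sequence; either add one or note in the commit message where that sequence is covered.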