The Texture2D constructor suddenly does not support most TextureFormats.
complete
nuruwo
Summary:
Today's security update caused the Texture2D constructor in the VRChat client to no longer accept most texture formats, making it impossible to generate textures.
This issue also broke world assets developed by myself and other community members.
I strongly request this be corrected.
Environment:
PC(Windows) version , VRChat client 2024.3.1p4, build 1494.
(It does not occur on the Unity Editor.)
Code that reproduces the error:
var texture = new Texture2D(1024, 1024, TextureFormat.DXT1Crunched, false, false);
Error message:
See Image1
Texture format where the error occurs (not all):
- DXT1Crunched
- DXT1
- DXT5Crunched
- DXT5
- BC7
- ARGB32 (but RGBA32 is OK)
Affected assets (not all):
- PolygonLoading (my assets)
Load 3D Model is breaked.
See Image2
- Japan Street
Load posters and world are breaked.
See Image3
and more... (Tiharuum - ちはるーむ , CatsUdon TRPG Home)
Lastly:
I don't know what the relationship is between restricting texture formats and security, but my asset "PolygonLoading" is used by many users and 3D modelers, and there is no workaround for this problem, so If not resolved, the asset will be unavailable for further use.
Please fix it.
Log In
Tupper - VRChat Head of Community
complete
VRChat 2024.3.1p5, build 1495 restored functionality around texture constructors with non-standard TextureFormats. We appreciate your patience and feedback while we were getting this sorted securely.
The new limits remaining are a maximum dynamic texture allocation size of 1GB, with the
createUninitialized
parameter being unsupported.These limits are required to mitigate the security issue and will not be lifted further.
nuruwo
Tupper - VRChat Head of Community Thank you very much for the quick fix!
I have confirmed that my assets work perfectly (meaning that the restrictions imposed by the fix did not affect my assets).
I understand that security is a very important issue and difficult to disclose. I am grateful to the VRChat management and development team for imposing reasonable security restrictions.
Tupper - VRChat Head of Community
nuruwo You're welcome. Thank you for your kind message, your understanding, and your excellent feedback!
Tupper - VRChat Head of Community
Thanks for all of the feedback!
An effort was made to check that this did not impact community tools, but due to the massive breadth and depth of community content out there, it is impossible for us to know the full impact of things like this until we ship it. If we had discovered or known that it would have affected this amount of content, we would have informed you.
The issue that was addressed by this change was very significant. Speed was a requirement. Due to the severity of the issue addressed, we stand by our decision to ship it, despite not including a complete detail of deprecated or affected APIs.
All of that being said, we are working to restore full functionality soon with an upcoming patch.
Full disclosure of the issue addressed is pending further resolution and action being taken by upstream development teams. While we have addressed the issue within VRChat, other projects may still be vulnerable. Disclosing the details of the exploit addressed would endanger users on older versions of VRChat as well as other Unity-based projects. As such, we took the best possible action to reduce risk as quickly as possible, which is the most important factor in this situation.
---
機械翻訳を使ったことをお詫びします。
たくさんのフィードバックをありがとう!
コミュニティ・ツールに影響がないことを確認する努力はしましたが、コミュニティ・コンテンツは膨大な量と深さがあるため、このようなことの影響を完全に把握することは、出荷するまで不可能です。もし、このような大量のコンテンツに影響があることを発見、もしくは知っていたのであれば、皆さんにお知らせしていたでしょう。
この変更によって対処された問題は、非常に重要なものでした。スピードは必須条件でした。対処された問題の重大性のため、非推奨または影響を受けるAPIの完全な詳細が含まれていないにもかかわらず、私たちはこれを出荷するという決定を支持します。
とはいえ、近日中にパッチをリリースし、完全な機能を回復させる予定です。
対処された問題の完全な開示は、上流の開発チームによる更なる解決と対処が待たれるところです。VRChat 内ではこの問題に対処していますが、他のプロジェクトではまだ脆弱性が残っている可能性があります。対処したエクスプロイトの詳細を開示することは、古いバージョンのVRChatや他のUnityベースのプロジェクトのユーザーを危険にさらすことになります。そのため、この状況において最も重要な要素であるリスクを可能な限り迅速に軽減するため、最善の措置を講じました。
Μerlin
Tupper - VRChat Head of Community Please list breaking API changes. Telling users what APIs you have disabled does not meaningfully impact security as the community figured out what was wrong in short order and made it very public. What it does impact is the community's opinion of VRChat's ability to handle security issues professionally.
The community is still not aware of what the actual issue being fixed was in spite of knowing what APIs are affected, and that is to be expected. Hiding critical information from world creators that are affected by API changes even though they are using APIs legitimately has no benefit for VRChat, its users, or other Unity-based games.
A simple post like the following would likely be received much better and have zero impact on security: "Due to a potential security vulnerability, we have disabled constructing Texture2D objects at runtime with the following formats in Udon: <list of formats>. We are working to restore functionality as soon as possible and appreciate your understanding."
Also once again, VRChat
should
understand what the impact of its changes are before it makes them, if it doesn't that's a massive issue.nuruwo
I'll wait for your research to see which formats will (or won't) be available.
But I'll tell you in advance that for my needs (and I imagine for many other users), the additional support of the following two formats in the constructor is most important.
- DXT1Crunched
- DXT5Crunched
Because these are the file sizes are very small compared to other formats.I've attached image of the sizes of each format for reference.
nuruwo
I am the poster.
I'm sorry that this is not a technical comment, but I was told that some of my posts were "strong in tone," so I apologize for this.
I'm Japanese and I'm not very good at English, so I use Google Translate a lot. It seems I unintentionally used the wrong wording.
(I want to edit my post, but it seems that after a while I won't be able to edit it.)
Tupper - VRChat Head of Community
nuruwo No worries. Thank you for your post!
Voyage Voyage
So, at the moment, it seems that you can workaround the issue using an array (pool) of prepared textures and the method Reinitialize.
But only if the textures are not Crunched.
Could the VRCGraphicsApi provide alternative constructors in the future, if the standard constructors are considered a security risk ?
_
_tau_
tracked
This was changed in response to a relevant security issue. Security is important for VRChat, and as such we reacted to the report we received immediately. Unfortunately, this broke several texture formats for runtime construction, as outlined in this report. We were not aware that these were in common use, and as such prioritized implementing the same TextureFormats supported by our VRCImageDownloader class. The original plan was to remove Texture constructors alltogether, but we decided to add specific checks and allow what we assumed to be commonly used formats.
Given the report received here, we will investigate restoring access to other texture formats and keep you up to date here on this ticket. Do note that this is pending investigation if allowing these would impact the security fix or if other restrictions are necessary.
Μerlin
_tau_ I was going to write a whole long response, but realized it wouldn't be listened to either way so here's a bullet point list:
- Triage of things like this should not take so long that you need to rush out a breaking change if you have any security team and people familiar with Udon
- Please announce breaking API changes instead of making the community debug issues you knew about, it's super rude and condescending to make the community figure out whatyou brokejust to get their content working.
- VRChat prides itself in being open about communication, but constantly has excuses for why the most critical communication doesn't ever happen
- Failure to report known breakages like this reduces the community's trust that they can make any content and expect it to work
- It reflects poorly that you are so unsure of the security of your fixes that you make the community waste hours being confused and doing research instead of being open with them about the API being changed.
- It should not be a surprise to VRC when an API is used in Udon, you have the content, you should have basic stuff like what APIs worlds use. Ignorance is a poor excuse.
- It's not reassuring that VRC considered just breaking the whole API initially and had to come down from that to a limited break of a bunch of world prefabs
- I hope the risks of pushing out this break were measured including the worlds you would break. VRC has historically been super hair-trigger about security things. Know that major software packages and web browsers often wait for weeks to release fixes to critical issues if it takes that amount of time to fix the issues properly without breaking a bunch of things downstream.
- You are risking breaking not only popular community worlds, but also partner worlds like vket and furality and monetized worlds with changes like this. If you release these kinds of changes at bad times you could be risking sabotaging major events, and it's entirely possible malicious actors will wait to report critical issues just to make you act at bad times that maximize damage. This way of operating is a major risk to anyone who wants to partner with VRC or make any content that relies on it.
ku6dra
I did some quick research on the list of supported TextureFormats for Runtime and Editor after the update, and got the following results.
Test Code:
[SerializeField]
private int _format;
void OnEnable()
{
TextMeshProUGUI text = GetComponent<TextMeshProUGUI>();
text.text = $"<color=#888>{_format}";
TextureFormat textureFormat = (TextureFormat)_format;
text.text = $"<color=#F00>{_format}";
Texture2D texture = new Texture2D(4, 4, textureFormat, false, false);
text.text = $"<color=#0F0>{_format}";
}
Runtime Supported Formats:
(on 2024.3.1p4 build 1494)
[3] RGB24
[4] RGBA32
[9] R16
[20] RGBAFloat
[62] RG16
[63] R8
[72] RG32
[73] RGB48
[74] RGBA64
Editor Supported Formats:
(on com.vrchat.worlds 3.7.0)
[1] Alpha8
[2] ARGB4444
[3] RGB24
[4] RGBA32
[5] ARGB32
[7] RGB565
[9] R16
[10] DXT1
[12] DXT5
[13] RGBA4444
[14] BGRA32
[15] RHalf
[16] RGHalf
[17] RGBAHalf
[18] RFloat
[19] RGFloat
[20] RGBAFloat
[21] YUY2
[22] RGB9e5Float
[24] BC6H
[25] BC7
[26] BC4
[27] BC5
[28] DXT1Crunched
[29] DXT5Crunched
[30] PVRTC_RGB2
[31] PVRTC_RGBA2
[32] PVRTC_RGB4
[33] PVRTC_RGBA4
[34] ETC_RGB4
[41] EAC_R
[42] EAC_R_SIGNED
[43] EAC_RG
[44] EAC_RG_SIGNED
[45] ETC2_RGB
[46] ETC2_RGBA1
[47] ETC2_RGBA8
[48] ASTC_4x4
[49] ASTC_5x5
[50] ASTC_6x6
[51] ASTC_8x8
[52] ASTC_10x10
[53] ASTC_12x12
[62] RG16
[63] R8
[64] ETC_RGB4Crunched
[65] ETC2_RGBA8Crunched
[66] ASTC_HDR_4x4
[67] ASTC_HDR_5x5
[68] ASTC_HDR_6x6
[69] ASTC_HDR_8x8
[70] ASTC_HDR_10x10
[71] ASTC_HDR_12x12
[72] RG32
[73] RGB48
[74] RGBA64
The results indicate that formats like
Alpha8
and ARGB4444
, which are not Crunch Textures or Compressed Textures, are also prohibited. Are these TextureFormats also vulnerable?If, in the future, all formats except Crunch and Compressed Textures are allowed, I would personally prefer to use
RGB565
. However, this would result in a VRAM consumption four times larger than DTX1
, inevitably leading to performance degradation and increased data size. While we can use Texture2D.Compress()
to convert to DXT1
at runtime, the compression quality is not ideal.ku6dra
I ran the same test on Runtime version 2024.3.1p5 build 1495.
The results show that all texture formats supported by the Editor are now supported again in the Runtime.
(Additionally, the following TextureFormats were successfully created)
[54] ASTC_RGBA_4x4
[55] ASTC_RGBA_5x5
[56] ASTC_RGBA_6x6
[57] ASTC_RGBA_8x8
[58] ASTC_RGBA_10x10
[59] ASTC_RGBA_12x12
[60] ETC_RGB4_3DS
[61] ETC_RGBA8_3DS
Whether each of these TextureFormats can be rendered will depend on the Rendering API, Platform, and GPU model.
I'm glad to see that this issue has been fixed without major restrictions.
Voyage Voyage
Since I got warned about this issue before updating my client, I was able to confirm that, indeed :
* Before updating the client, loading models using BGRA32 and BC7 textures, using my Udon# GLB model loader, worked
* After updating the client, an Udon exception occured when trying to load the same model
The error content being :
2024.08.27 07:15:25 Error - [UdonBehaviour] An exception occurred during Udon execution, this UdonBehaviour will be halted.
VRC.Udon.VM.UdonVMException: An exception occurred in an UdonVM, execution will be halted. ---> VRC.Udon.VM.UdonVMException: An exception occurred during EXTERN to 'UnityEngineTexture2D.__ctor__SystemInt32_SystemInt32_UnityEngineTextureFormat_SystemBoolean__UnityEngineTexture2D'. ---> System.InvalidOperationException: Unsupported texture format for Texture constructor: BC7
at VRC.Udon.Wrapper.Modules.ExternUnityEngineTexture2D.ValidateTextureConstructor (System.Int64 width, System.Int64 height, System.Int64 depth, UnityEngine.TextureFormat format, System.Boolean createUninitialized) [0x00000] in <00000000000000000000000000000000>:0
and
2024.08.27 07:18:51 Error - [UdonBehaviour] An exception occurred during Udon execution, this UdonBehaviour will be halted.
VRC.Udon.VM.UdonVMException: An exception occurred in an UdonVM, execution will be halted. ---> VRC.Udon.VM.UdonVMException: An exception occurred during EXTERN to 'UnityEngineTexture2D.__ctor__SystemInt32_SystemInt32_UnityEngineTextureFormat_SystemBoolean__UnityEngineTexture2D'. ---> System.InvalidOperationException: Unsupported texture format for Texture constructor: BGRA32
at VRC.Udon.Wrapper.Modules.ExternUnityEngineTexture2D.ValidateTextureConstructor (System.Int64 width, System.Int64 height, System.Int64 depth, UnityEngine.TextureFormat format, System.Boolean createUninitialized) [0x00000] in <00000000000000000000000000000000>:0
at VRC.Udon.Wrapper.Modules.ExternUnityEngineTexture2D.__ctor__SystemInt32_SystemInt32_UnityEngineTextureFormat_SystemBoolean__UnityEngineTexture2D (VRC.Udon.Common.Interfaces.IUdonHeap heap, System.Span`1[T] parameterAddresses) [0x00000] in <00000000000000000000000000000000>:0
So this issue is clearly linked to VRChat 2024.3.1p4 build 1494, which patch notes only state :
* Safety and Security Fixes
So did you just remove the ability to load DXT textures at all ? (BGRA32 is an uncompressed form of DXT1)