[WebGLOnWebGPU] Fix texture target handling in deleteTexture

1. Add validation for invalid texture targets to avoid OOB access in
   bound_textures_.
2. Fix the binding cleanup loop to ensure all texture units are
   iterated over.

Bug: 466163478
Change-Id: Id386db9245f9d1b9b1990a483269b3e99b1553bd
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/7231049
Commit-Queue: Kai Ninomiya <kainino@chromium.org>
Reviewed-by: Kai Ninomiya <kainino@chromium.org>
Reviewed-by: Corentin Wallez <cwallez@chromium.org>
Cr-Commit-Position: refs/heads/main@{#1558353}

third_party/blink/renderer/modules/webgl/webgl_rendering_context_webgpu_base.cc

diff --git a/third_party/blink/renderer/modules/webgl/webgl_rendering_context_webgpu_base.cc b/third_party/blink/renderer/modules/webgl/webgl_rendering_context_webgpu_base.cc
index cf2b3ae..8d7834e 100644
--- a/third_party/blink/renderer/modules/webgl/webgl_rendering_context_webgpu_base.cc
+++ b/third_party/blink/renderer/modules/webgl/webgl_rendering_context_webgpu_base.cc
@@ -885,14 +885,15 @@
     return;
   }
 
-  size_t texture_type_idx =
-      static_cast<size_t>(GLenumToTextureTarget(texture->GetTarget()));
-  for (size_t texture_unit_idx = 0; texture_unit_idx < bound_textures_.size();
-       texture_unit_idx++) {
-    Member<WebGLTexture>& bound_texture =
-        bound_textures_[texture_type_idx][texture_unit_idx];
-    if (bound_texture == texture) {
-      bound_texture = nullptr;
+  TextureTarget texture_target = GLenumToTextureTarget(texture->GetTarget());
+  if (texture_target != TextureTarget::kUnkown) {
+    size_t texture_type_idx = static_cast<size_t>(texture_target);
+    CHECK_LT(texture_type_idx, bound_textures_.size());
+    auto& bound_textures_for_type = bound_textures_[texture_type_idx];
+    for (auto& bound_texture : bound_textures_for_type) {
+      if (bound_texture == texture) {
+        bound_texture = nullptr;
+      }
     }
   }