Bug 227792

Summary: Canvas and OffscreenCanvas getContext should check if argument is an object before trying to convert it to a dictionary
Product: WebKit Reporter: Chris Lord <clord>
Component: CanvasAssignee: Chris Lord <clord>
Status: RESOLVED FIXED    
Severity: Normal CC: cdumez, changseok, clopez, dino, esprehn+autocc, ews-watchlist, ggaren, gyuyoung.kim, koivisto, pnormand, sam, webkit-bug-importer, youennf
Priority: P2 Keywords: InRadar
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   
See Also: https://github.com/web-platform-tests/wpt/pull/29618
Bug Depends on: 225836    
Bug Blocks: 225870    
Attachments:
Description Flags
Patch
none
Patch
none
Patch
none
Patch none

Chris Lord
Reported 2021-07-08 05:00:56 PDT
Since r277543, which introduced canvas settings handling, imported/w3c/web-platform-tests/html/canvas/offscreen/the-offscreen-canvas/2d.getcontext.extraargs.html and the worker equivalent have been failing. This is due to a TypeError when trying to convert the non-object arguments into a dictionary. Reading the spec, both the section on getContext[1] and the section on context creation[2], it seems that arguments are expected to be converted to either an object or null before being converted to a settings dictionary. As we lack this step, there are more situations where we throw an exception when a compliant browser wouldn't. [1] https://html.spec.whatwg.org/multipage/canvas.html#dom-offscreencanvas-getcontext [2] https://html.spec.whatwg.org/multipage/canvas.html#offscreen-2d-context-creation-algorithm Ms2ger is working on more tests for this in WPT, we should fix this bug and sync those tests here once they exist.
Attachments
Patch (104.55 KB, patch)
2021-07-12 08:56 PDT, Chris Lord 		no flags
DetailsFormatted DiffDiff
Patch (48.48 KB, patch)
2021-07-12 09:34 PDT, Chris Lord 		no flags
DetailsFormatted DiffDiff
Patch (49.43 KB, patch)
2021-07-12 09:54 PDT, Chris Lord 		no flags
DetailsFormatted DiffDiff
Patch (49.43 KB, patch)
2021-07-20 02:14 PDT, Chris Lord 		no flags
DetailsFormatted DiffDiff
Show Obsolete (3) View All Add attachment proposed patch, testcase, etc.
Chris Lord
Comment 1 2021-07-12 08:56:14 PDT
Created attachment 433322 [details] Patch
Chris Lord
Comment 2 2021-07-12 09:34:13 PDT
Created attachment 433327 [details] Patch
Chris Lord
Comment 3 2021-07-12 09:54:19 PDT
Created attachment 433328 [details] Patch
Radar WebKit Bug Importer
Comment 4 2021-07-15 05:01:17 PDT
<rdar://problem/80625487>
Sam Weinig
Comment 5 2021-07-19 11:55:15 PDT
Comment on attachment 433328 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=433328&action=review > Source/WebCore/html/HTMLCanvasElement.cpp:288 > + auto settings = convert<IDLDictionary<CanvasRenderingContext2DSettings>>(state, (!arguments.isEmpty() && arguments[0].isObject()) ? arguments[0].get() : JSC::jsUndefined()); I don't think we need the isEmpty() check if we are checking isObject(). That said, I would perfer we make this a bit closer o the spec language (e.g. https://html.spec.whatwg.org/multipage/canvas.html#dom-canvas-getcontext) and use jsNull() if not an object).
Chris Lord
Comment 6 2021-07-20 01:39:51 PDT
(In reply to Sam Weinig from comment #5) > Comment on attachment 433328 [details] > Patch > > View in context: > https://bugs.webkit.org/attachment.cgi?id=433328&action=review > > > Source/WebCore/html/HTMLCanvasElement.cpp:288 > > + auto settings = convert<IDLDictionary<CanvasRenderingContext2DSettings>>(state, (!arguments.isEmpty() && arguments[0].isObject()) ? arguments[0].get() : JSC::jsUndefined()); > > I don't think we need the isEmpty() check if we are checking isObject(). > That said, I would perfer we make this a bit closer o the spec language > (e.g. > https://html.spec.whatwg.org/multipage/canvas.html#dom-canvas-getcontext) > and use jsNull() if not an object). We still need the check as arguments can be empty, but from this I'm guessing what you're saying is it should be undefined (no arguments), null (argument that isn't an object) or dictionary (at least one object argument specified that converts without an exception). I don't know that there's any observable side-effect from what you're suggesting, but I'll amend the patch.
Chris Lord
Comment 7 2021-07-20 02:14:50 PDT
Created attachment 433862 [details] Patch
Sam Weinig
Comment 8 2021-07-20 08:58:27 PDT
(In reply to Chris Lord from comment #6) > (In reply to Sam Weinig from comment #5) > > Comment on attachment 433328 [details] > > Patch > > > > View in context: > > https://bugs.webkit.org/attachment.cgi?id=433328&action=review > > > > > Source/WebCore/html/HTMLCanvasElement.cpp:288 > > > + auto settings = convert<IDLDictionary<CanvasRenderingContext2DSettings>>(state, (!arguments.isEmpty() && arguments[0].isObject()) ? arguments[0].get() : JSC::jsUndefined()); > > > > I don't think we need the isEmpty() check if we are checking isObject(). > > That said, I would perfer we make this a bit closer o the spec language > > (e.g. > > https://html.spec.whatwg.org/multipage/canvas.html#dom-canvas-getcontext) > > and use jsNull() if not an object). > > We still need the check as arguments can be empty, but from this I'm > guessing what you're saying is it should be undefined (no arguments), null > (argument that isn't an object) or dictionary (at least one object argument > specified that converts without an exception). > > I don't know that there's any observable side-effect from what you're > suggesting, but I'll amend the patch. Apologies, I totally read that wrong. I read it as arguments[0].isEmpty() when that's not what it is at all :(. I think you can keep that part the same, and just replace the jsUndefined() with jsNull(), but either will result in the same thing so r=me.
Chris Lord
Comment 9 2021-07-20 09:46:51 PDT
Comment on attachment 433862 [details] Patch I guess this doesn't hurt and it does read closer to the spec, even if it doesn't make a difference, so let's go for it :)
EWS
Comment 10 2021-07-20 10:08:05 PDT
Committed r280084 (239809@main): <https://commits.webkit.org/239809@main> All reviewed patches have been landed. Closing bug and clearing flags on attachment 433862 [details].
Note You need to log in before you can comment on or make changes to this bug.