Bug 240629

Summary: Safari 15.4 can crash when executing putImageData when imageData is more than 512kb on a window.open page.
Product: WebKit
Reporter: yao zhang <boomyao>
Component: Canvas
Assignee: Nobody <webkit-unassigned>
Status: RESOLVED CONFIGURATION CHANGED
Severity: Blocker
CC: bart.corremans, bfulgham, dino, kkinnunen, sabouhallawa, simon.fraser, webkit-bug-importer
Priority: P2
Keywords: InRadar
Version: Safari 15
Hardware: All
OS: iOS 15
Attachments:
Description Flags
crash demo none

yao zhang
Reported 2022-05-18 23:34:10 PDT
I simplified the way to crash Safari 15.4. Step 1: window.open a page; Step 2: CanvasRenderingContext2D.putImageData(imageData, 0, 0), then CRASH! Tip: imageData size is more than 524 * 1000.
Attachments
crash demo (697 bytes, text/html)
2022-05-21 17:55 PDT, yao zhang
no flags
Alexey Proskuryakov
Comment 1 2022-05-19 19:15:13 PDT
Could you please provide a test case that reproduces the issue?
yao zhang
Comment 2 2022-05-21 17:55:09 PDT
Created attachment 459643: crash demo
Test crash after clicking "jump to crash".
Radar WebKit Bug Importer
Comment 3 2022-05-21 18:34:03 PDT
Bart Corremans
Comment 4 2022-05-23 02:06:06 PDT
This seems fixed in Technology Preview (at least since 17614.1.11.6). Related to https://bugs.webkit.org/show_bug.cgi?id=237674 ?