Bug 251130

Summary:	OffscreenCanvas::transferToImageBitmap doesn't restrict enforce size restrictions
Product:	WebKit	Reporter:	Matt Woodrow <mattwoodrow>
Component:	Canvas	Assignee:	Matt Woodrow <mattwoodrow>
Status:	RESOLVED FIXED
Severity:	Normal	CC:	dino, webkit-bug-importer
Priority:	P2	Keywords:	InRadar
Version:	WebKit Nightly Build
Hardware:	Unspecified
OS:	Unspecified

Matt Woodrow

Reported Wednesday, January 25, 2023 4:27:58 AM UTC

We share code with HTMLCanvasElement via CanvasBase for allocating the backing store, with max size restrictions. transferToImageBitmap can sometimes allocate a new buffer (if there isn't one already), and it currently isn't using the same code, so doesn't have the same restrictions.

Attachments
Add attachment proposed patch, testcase, etc.

Matt Woodrow

Comment 1 Wednesday, January 25, 2023 4:28:18 AM UTC

<rdar://104298886>

Matt Woodrow

Comment 2 Wednesday, January 25, 2023 4:30:34 AM UTC

Pull request: https://github.com/WebKit/WebKit/pull/9088

EWS

Comment 3 Wednesday, February 8, 2023 10:16:04 PM UTC

Committed 260035@main (e4c57c810933): <https://commits.webkit.org/260035@main> Reviewed commits have been landed. Closing PR #9088 and removing active labels.

Note You need to log in before you can comment on or make changes to this bug.