Bug 251130

Summary: OffscreenCanvas::transferToImageBitmap doesn't restrict enforce size restrictions
Product: WebKit Reporter: Matt Woodrow <mattwoodrow>
Component: CanvasAssignee: Matt Woodrow <mattwoodrow>
Status: RESOLVED FIXED    
Severity: Normal CC: dino, webkit-bug-importer
Priority: P2 Keywords: InRadar
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   

Matt Woodrow
Reported Wednesday, January 25, 2023 4:27:58 AM UTC
We share code with HTMLCanvasElement via CanvasBase for allocating the backing store, with max size restrictions. transferToImageBitmap can sometimes allocate a new buffer (if there isn't one already), and it currently isn't using the same code, so doesn't have the same restrictions.
Attachments
Matt Woodrow
Comment 1 Wednesday, January 25, 2023 4:28:18 AM UTC
Matt Woodrow
Comment 2 Wednesday, January 25, 2023 4:30:34 AM UTC
EWS
Comment 3 Wednesday, February 8, 2023 10:16:04 PM UTC
Committed 260035@main (e4c57c810933): <https://commits.webkit.org/260035@main> Reviewed commits have been landed. Closing PR #9088 and removing active labels.
Note You need to log in before you can comment on or make changes to this bug.