Bug 66563

Summary: [Chromium] Crash when allocation of very large canvas fails
Product: WebKit
Reporter: Justin Novosad <junov>
Component: Canvas
Assignee: Justin Novosad <junov>
Status: RESOLVED FIXED
Severity: Major
CC: alokp, dglazkov, mdelaney7, senorblanco, webkit.review.bot
Priority: P2
Version: 528+ (Nightly build)
Hardware: Unspecified
OS: Windows XP
URL: http://www.atopon.org/maze/
Attachments (description / flags):
  Patch / none
  Patch / none
  Patch / none

Description Justin Novosad 2011-08-19 08:40:22 PDT
This is in reference to Chromium bug: http://code.google.com/p/chromium/issues/detail?id=88038

A patch soon to land in Chromium will introduce a non-crashing version of the canvas factory function CreateBitmapCanvas.  The constructor of ImageBuffer in ImageBufferSkia.cpp must be modified to use the non-crashing version, and gracefully fail when it returns NULL.
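The description asks for two things: a canvas factory that returns NULL instead of crashing when a very large backing store cannot be allocated, and an ImageBuffer constructor that treats that NULL as a recoverable failure. The example below is an added illustration of that pattern and is not WebKit's or Chromium's code; BitmapBuffer, createBitmapBuffer, ImageBufferLike and the 256 MiB cap are assumptions made for the example. It goes slightly beyond the bug text by also rejecting dimensions whose byte count would overflow before the allocation is even attempted.

```cpp
#include <cstddef>
#include <cstdint>
#include <limits>
#include <memory>
#include <new>

// Added example, not WebKit/Chromium code: a "non-crashing" bitmap buffer
// factory in the spirit of the fix described in the bug. It rejects invalid,
// overflowing or oversized canvas dimensions and returns nullptr when the
// allocation fails, so the caller can fail gracefully instead of aborting.

struct BitmapBuffer {
    int width;
    int height;
    size_t rowBytes;
    std::unique_ptr<uint8_t[]> pixels;
};

// Assumed policy limit on total pixel storage (256 MiB). The real limit in a
// browser is an implementation decision; this value is a placeholder.
constexpr size_t kMaxBitmapBytes = size_t(256) * 1024 * 1024;
constexpr size_t kBytesPerPixel = 4;  // 32-bit RGBA

// Computes width * height * 4 with overflow checking. Returns false when the
// dimensions are non-positive, the byte count would overflow size_t, or the
// result exceeds the cap. Only on success is *outBytes written.
bool computeBitmapBytes(int width, int height, size_t* outBytes) {
    if (width <= 0 || height <= 0)
        return false;
    const size_t w = static_cast<size_t>(width);
    const size_t h = static_cast<size_t>(height);
    if (w > std::numeric_limits<size_t>::max() / kBytesPerPixel)
        return false;
    const size_t rowBytes = w * kBytesPerPixel;
    if (h > std::numeric_limits<size_t>::max() / rowBytes)
        return false;
    const size_t total = rowBytes * h;
    if (total > kMaxBitmapBytes)
        return false;
    *outBytes = total;
    return true;
}

// Non-crashing factory: nullptr on any failure, never an abort.
std::unique_ptr<BitmapBuffer> createBitmapBuffer(int width, int height) {
    size_t bytes = 0;
    if (!computeBitmapBytes(width, height, &bytes))
        return nullptr;
    // std::nothrow makes allocation failure observable as nullptr rather than
    // an exception (or, in a no-exceptions build, a crash). The trailing ()
    // zero-initialises the pixel storage.
    uint8_t* raw = new (std::nothrow) uint8_t[bytes]();
    if (!raw)
        return nullptr;
    std::unique_ptr<BitmapBuffer> buffer(new (std::nothrow) BitmapBuffer());
    if (!buffer) {
        delete[] raw;
        return nullptr;
    }
    buffer->width = width;
    buffer->height = height;
    buffer->rowBytes = static_cast<size_t>(width) * kBytesPerPixel;
    buffer->pixels.reset(raw);
    return buffer;
}

// Caller in the style of an ImageBuffer constructor: records whether the
// backing store exists instead of assuming the allocation succeeded, so a
// huge canvas yields an invalid buffer rather than a null dereference later.
class ImageBufferLike {
public:
    ImageBufferLike(int width, int height)
        : m_buffer(createBitmapBuffer(width, height)) {}
    bool isValid() const { return m_buffer != nullptr; }
    size_t rowBytes() const { return m_buffer ? m_buffer->rowBytes : 0; }

private:
    std::unique_ptr<BitmapBuffer> m_buffer;
};
```

A caller that constructs `ImageBufferLike(100000, 100000)` gets an object whose `isValid()` is false, which is the graceful-failure path the bug asks for; the overflow guard in `computeBitmapBytes` matters because a wrapped `width * height * 4` would otherwise request a small allocation for a canvas the drawing code believes is enormous.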
Comment 1 Justin Novosad 2011-08-19 10:44:41 PDT
Created attachment 104525 [details]
Patch
Comment 2 WebKit Review Bot 2011-08-19 10:52:07 PDT
Comment on attachment 104525 [details]
Patch

Attachment 104525 [details] did not pass chromium-ews (chromium-xvfb):
Output: http://queues.webkit.org/results/9439367
Comment 3 Justin Novosad 2011-08-19 10:54:50 PDT
Created attachment 104527 [details]
Patch
Comment 4 Justin Novosad 2011-08-19 11:18:09 PDT
Created attachment 104529 [details]
Patch
Comment 5 Stephen White 2011-08-22 07:30:09 PDT
Comment on attachment 104529 [details]
Patch

Looks good.  r=me
Comment 6 WebKit Review Bot 2011-08-22 09:02:23 PDT
Comment on attachment 104529 [details]
Patch

Clearing flags on attachment: 104529

Committed r93512: <http://trac.webkit.org/changeset/93512>
Comment 7 WebKit Review Bot 2011-08-22 09:02:28 PDT
All reviewed patches have been landed.  Closing bug.