CLOSED FIXED Bug 39175
Properly handle invalid arguments to CanvasRenderingContext2D's getImageData() and putImageData() 
https://bugs.webkit.org/show_bug.cgi?id=39175
Summary Properly handle invalid arguments to CanvasRenderingContext2D's getImageData(...
Andreas Kling
Reported 2010-05-16 03:49:48 PDT
Both should throw NOT_SUPPORTED_ERR when called with nonfinite arguments. getImageData() should throw INDEX_SIZE_ERR if either width or height is 0. (HTML5 spec 4.8.11.1.12): http://www.whatwg.org/specs/web-apps/current-work/#pixel-manipulation
Attachments
Proposed patch (16.58 KB, patch)
2010-05-16 03:52 PDT, Andreas Kling 		kenneth: review+
DetailsFormatted DiffDiff
Proposed patch v2 (17.24 KB, patch)
2010-05-16 12:20 PDT, Andreas Kling 		no flags
DetailsFormatted DiffDiff
Show Obsolete (1) View All Add attachment proposed patch, testcase, etc.
Andreas Kling
Comment 1 2010-05-16 03:52:32 PDT
Created attachment 56185 [details] Proposed patch
Kenneth Rohde Christiansen
Comment 2 2010-05-16 09:11:27 PDT
Comment on attachment 56185 [details] Proposed patch > + > + if (!isfinite(sx) || !isfinite(sy) || !isfinite(sw) || !isfinite(sh)) { > + ec = NOT_SUPPORTED_ERR; > + return 0; > + } > + > + if (!sw || !sh) { > + ec = INDEX_SIZE_ERR; > + return 0; > + } Doesnt it make sense to put this test before the first one? I mean check !sw before !isfinite(sh) ?
Andreas Kling
Comment 3 2010-05-16 12:20:09 PDT
Created attachment 56192 [details] Proposed patch v2 I suppose that makes sense. Updated patch, also reordered similar checks in createImageData()
WebKit Commit Bot
Comment 4 2010-05-16 14:46:21 PDT
Comment on attachment 56192 [details] Proposed patch v2 Clearing flags on attachment: 56192 Committed r59582: <http://trac.webkit.org/changeset/59582>
WebKit Commit Bot
Comment 5 2010-05-16 14:46:26 PDT
All reviewed patches have been landed. Closing bug.
Andreas Kling
Comment 6 2010-05-31 08:51:31 PDT
Revision r59582 cherry-picked into qtwebkit-2.0 with commit 05f1904956548b8637eab82cf7f835218af6129a
Note You need to log in before you can comment on or make changes to this bug.