Bug 39175 - Properly handle invalid arguments to CanvasRenderingContext2D's getImageData() and putImageData()
Status: CLOSED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: WebCore Misc.
Version: 528+ (Nightly build)
Hardware: All All
: P2 Normal
Assignee: Nobody
URL:
Keywords:
Depends on:
Blocks: 35784
Reported: 2010-05-16 03:49 PDT by Andreas Kling
Modified: 2010-05-31 08:51 PDT

Attachments
Proposed patch (16.58 KB, patch)
2010-05-16 03:52 PDT, Andreas Kling
kenneth: review+
Proposed patch v2 (17.24 KB, patch)
2010-05-16 12:20 PDT, Andreas Kling
no flags

Description Andreas Kling 2010-05-16 03:49:48 PDT
Both should throw NOT_SUPPORTED_ERR when called with nonfinite arguments.
getImageData() should throw INDEX_SIZE_ERR if either width or height is 0.

(HTML5 spec 4.8.11.1.12):
http://www.whatwg.org/specs/web-apps/current-work/#pixel-manipulation
Comment 1 Andreas Kling 2010-05-16 03:52:32 PDT
Created attachment 56185
Proposed patch
Comment 2 Kenneth Rohde Christiansen 2010-05-16 09:11:27 PDT
Comment on attachment 56185
Proposed patch

> +
> +    if (!isfinite(sx) || !isfinite(sy) || !isfinite(sw) || !isfinite(sh)) {
> +        ec = NOT_SUPPORTED_ERR;
> +        return 0;
> +    }
> +
> +    if (!sw || !sh) {
> +        ec = INDEX_SIZE_ERR;
> +        return 0;
> +    }
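
Review bot: The order of the two tests in this hunk decides which error a caller sees when both conditions hold: with sw == 0 and a nonfinite sh, the isfinite() test runs first and ec is set to NOT_SUPPORTED_ERR, not INDEX_SIZE_ERR. Whichever precedence is intended should be stated in a comment above the checks and pinned by a test that passes mixed arguments. Also, if sw and sh are floating-point, as the isfinite() calls imply, `!sw || !sh` rejects only an exact zero, so negative values and small fractions pass this point and depend on the code that follows the hunk.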

Doesn't it make sense to put this test before the first one? I mean check !sw before !isfinite(sh)?
Comment 3 Andreas Kling 2010-05-16 12:20:09 PDT
Created attachment 56192
Proposed patch v2

I suppose that makes sense. Updated patch, also reordered similar checks in createImageData()
Comment 4 WebKit Commit Bot 2010-05-16 14:46:21 PDT
Comment on attachment 56192
Proposed patch v2

Clearing flags on attachment: 56192

Committed r59582: <http://trac.webkit.org/changeset/59582>
Comment 5 WebKit Commit Bot 2010-05-16 14:46:26 PDT
All reviewed patches have been landed.  Closing bug.
Comment 6 Andreas Kling 2010-05-31 08:51:31 PDT
Revision r59582 cherry-picked into qtwebkit-2.0 with commit 05f1904956548b8637eab82cf7f835218af6129a