RESOLVED FIXED 60077
[chromium] Properly handle huge initial dimensions for 2d canvas when accelerated 2d canvas is enabled 
https://bugs.webkit.org/show_bug.cgi?id=60077
Summary [chromium] Properly handle huge initial dimensions for 2d canvas when acceler...
James Robinson
Reported 2011-05-03 16:04:13 PDT
[chromium] Properly handle huge initial dimensions for 2d canvas when accelerated 2d canvas is enabled
Attachments
Patch (3.46 KB, patch)
2011-05-03 16:08 PDT, James Robinson 		no flags
DetailsFormatted DiffDiff
Patch (3.26 KB, patch)
2011-05-23 18:20 PDT, James Robinson 		no flags
DetailsFormatted DiffDiff
Show Obsolete (1) View All Add attachment proposed patch, testcase, etc.
James Robinson
Comment 1 2011-05-03 16:08:30 PDT
Created attachment 92155 [details] Patch
Kenneth Russell
Comment 2 2011-05-04 10:55:17 PDT
Comment on attachment 92155 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=92155&action=review > Source/WebCore/platform/graphics/chromium/DrawingBufferChromium.cpp:101 > + if (!reset(size)) { > + m_context.clear(); > + return; > + } The implementation of reset() references m_fbo which isn't initialized until the following line. Was this patch tested?
James Robinson
Comment 3 2011-05-04 14:44:47 PDT
(In reply to comment #2) > (From update of attachment 92155 [details]) > View in context: https://bugs.webkit.org/attachment.cgi?id=92155&action=review > > > Source/WebCore/platform/graphics/chromium/DrawingBufferChromium.cpp:101 > > + if (!reset(size)) { > > + m_context.clear(); > > + return; > > + } > > The implementation of reset() references m_fbo which isn't initialized until the following line. Was this patch tested? Whoops, I tested cases where the reset() fails but didn't test the case where it succeeds carefully enough. Good catch.
James Robinson
Comment 4 2011-05-23 18:20:46 PDT
Created attachment 94532 [details] Patch
James Robinson
Comment 5 2011-05-23 18:22:12 PDT
(In reply to comment #2) > (From update of attachment 92155 [details]) > View in context: https://bugs.webkit.org/attachment.cgi?id=92155&action=review > > > Source/WebCore/platform/graphics/chromium/DrawingBufferChromium.cpp:101 > > + if (!reset(size)) { > > + m_context.clear(); > > + return; > > + } > > The implementation of reset() references m_fbo which isn't initialized until the following line. Was this patch tested? Good catch. Patch updated. if m_context is cleared then the ::create() function returns 0 and the DrawingBuffer and its resources are released.
Kenneth Russell
Comment 6 2011-05-23 18:45:57 PDT
Comment on attachment 94532 [details] Patch Looks fine. I do wonder whether we should attempt to allocate the color buffer (generateColorTexture) at all if the size is too large, but it should fail with an OpenGL error and the cleanup code should work.
James Robinson
Comment 7 2011-05-23 18:47:43 PDT
(In reply to comment #6) > (From update of attachment 94532 [details]) > Looks fine. I do wonder whether we should attempt to allocate the color buffer (generateColorTexture) at all if the size is too large, but it should fail with an OpenGL error and the cleanup code should work. I think it'd be better to not attempt to create it, but everything should work correctly even if it fails. This path is not gonna be fast or resource light no matter what we do :)
WebKit Commit Bot
Comment 8 2011-05-24 01:42:57 PDT
Comment on attachment 94532 [details] Patch Clearing flags on attachment: 94532 Committed r87136: <http://trac.webkit.org/changeset/87136>
WebKit Commit Bot
Comment 9 2011-05-24 01:43:02 PDT
All reviewed patches have been landed. Closing bug.
Note You need to log in before you can comment on or make changes to this bug.