Bug 60077 - [chromium] Properly handle huge initial dimensions for 2d canvas when accelerated 2d canvas is enabled
Summary: [chromium] Properly handle huge initial dimensions for 2d canvas when acceler...
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: New Bugs (show other bugs)
Version: 528+ (Nightly build)
Hardware: Other OS X 10.5
: P2 Normal
Assignee: James Robinson
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2011-05-03 16:04 PDT by James Robinson
Modified: 2011-05-24 01:43 PDT (History)
5 users (show)

See Also:

Attachments
Patch (3.46 KB, patch)
2011-05-03 16:08 PDT, James Robinson 		no flags Details | Formatted Diff | Diff
Patch (3.26 KB, patch)
2011-05-23 18:20 PDT, James Robinson 		no flags Details | Formatted Diff | Diff
Show Obsolete (1) View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description James Robinson 2011-05-03 16:04:13 PDT 
[chromium] Properly handle huge initial dimensions for 2d canvas when accelerated 2d canvas is enabled
Comment 1 James Robinson 2011-05-03 16:08:30 PDT 
Created attachment 92155 [details]
Patch
Comment 2 Kenneth Russell 2011-05-04 10:55:17 PDT 
Comment on attachment 92155 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=92155&action=review

> Source/WebCore/platform/graphics/chromium/DrawingBufferChromium.cpp:101
> +    if (!reset(size)) {
> +        m_context.clear();
> +        return;
> +    }

The implementation of reset() references m_fbo which isn't initialized until the following line. Was this patch tested?
Comment 3 James Robinson 2011-05-04 14:44:47 PDT 
(In reply to comment #2)
> (From update of attachment 92155 [details])
> View in context: https://bugs.webkit.org/attachment.cgi?id=92155&action=review
> 
> > Source/WebCore/platform/graphics/chromium/DrawingBufferChromium.cpp:101
> > +    if (!reset(size)) {
> > +        m_context.clear();
> > +        return;
> > +    }
> 
> The implementation of reset() references m_fbo which isn't initialized until the following line. Was this patch tested?

Whoops, I tested cases where the reset() fails but didn't test the case where it succeeds carefully enough.  Good catch.
Comment 4 James Robinson 2011-05-23 18:20:46 PDT 
Created attachment 94532 [details]
Patch
Comment 5 James Robinson 2011-05-23 18:22:12 PDT 
(In reply to comment #2)
> (From update of attachment 92155 [details])
> View in context: https://bugs.webkit.org/attachment.cgi?id=92155&action=review
> 
> > Source/WebCore/platform/graphics/chromium/DrawingBufferChromium.cpp:101
> > +    if (!reset(size)) {
> > +        m_context.clear();
> > +        return;
> > +    }
> 
> The implementation of reset() references m_fbo which isn't initialized until the following line. Was this patch tested?

Good catch.

Patch updated.  if m_context is cleared then the ::create() function returns 0 and the DrawingBuffer and its resources are released.
Comment 6 Kenneth Russell 2011-05-23 18:45:57 PDT 
Comment on attachment 94532 [details]
Patch

Looks fine. I do wonder whether we should attempt to allocate the color buffer (generateColorTexture) at all if the size is too large, but it should fail with an OpenGL error and the cleanup code should work.
Comment 7 James Robinson 2011-05-23 18:47:43 PDT 
(In reply to comment #6)
> (From update of attachment 94532 [details])
> Looks fine. I do wonder whether we should attempt to allocate the color buffer (generateColorTexture) at all if the size is too large, but it should fail with an OpenGL error and the cleanup code should work.

I think it'd be better to not attempt to create it, but everything should work correctly even if it fails.  This path is not gonna be fast or resource light no matter what we do :)
Comment 8 WebKit Commit Bot 2011-05-24 01:42:57 PDT 
Comment on attachment 94532 [details]
Patch

Clearing flags on attachment: 94532

Committed r87136: <http://trac.webkit.org/changeset/87136>
Comment 9 WebKit Commit Bot 2011-05-24 01:43:02 PDT 
All reviewed patches have been landed.  Closing bug.