Skip to content

GitLab

T
tangled
Commit 70496076 authored by junov's avatar junov Committed by Commit bot
Browse files
Options

Make toDataURL robust with respect to allocation failures 

It is not safe to assume that ImageData::create always returns
a valid point.  Internally it uses DOMUint8ClampedArray::createOrNull
which returns null instead of crashing when allocation fails.
This change adds the appropriate null pointer checks to take
that into account.

BUG=647824
NOTRY=true

Review-Url: https://codereview.chromium.org/2361493003
Cr-Commit-Position: refs/heads/master@{#420625}
parent 0dffe41c
Hide whitespace changes
Inline Side-by-side
Showing with 11 additions and 2 deletions
third_party/WebKit/Source/core/html/HTMLCanvasElement.cpp
View file @ 70496076
...@@ -626,7 +626,7 @@ ImageData* HTMLCanvasElement::toImageData(SourceDrawingBuffer sourceBuffer, Snap ...@@ -626,7 +626,7 @@ ImageData* HTMLCanvasElement::toImageData(SourceDrawingBuffer sourceBuffer, Snap
m_context->paintRenderingResultsToCanvas(sourceBuffer); m_context->paintRenderingResultsToCanvas(sourceBuffer);
imageData = ImageData::create(m_size); imageData = ImageData::create(m_size);
if (hasImageBuffer()) { if (imageData && hasImageBuffer()) {
sk_sp<SkImage> snapshot = buffer()->newSkImageSnapshot(PreferNoAcceleration, reason); sk_sp<SkImage> snapshot = buffer()->newSkImageSnapshot(PreferNoAcceleration, reason);
if (snapshot) { if (snapshot) {
SkImageInfo imageInfo = SkImageInfo::Make(width(), height(), kRGBA_8888_SkColorType, kUnpremul_SkAlphaType); SkImageInfo imageInfo = SkImageInfo::Make(width(), height(), kRGBA_8888_SkColorType, kUnpremul_SkAlphaType);
...@@ -638,7 +638,7 @@ ImageData* HTMLCanvasElement::toImageData(SourceDrawingBuffer sourceBuffer, Snap ...@@ -638,7 +638,7 @@ ImageData* HTMLCanvasElement::toImageData(SourceDrawingBuffer sourceBuffer, Snap
imageData = ImageData::create(m_size); imageData = ImageData::create(m_size);
if (!m_context) if (!m_context || !imageData)
return imageData; return imageData;
DCHECK(m_context->is2d()); DCHECK(m_context->is2d());
...@@ -662,6 +662,9 @@ String HTMLCanvasElement::toDataURLInternal(const String& mimeType, const double ...@@ -662,6 +662,9 @@ String HTMLCanvasElement::toDataURLInternal(const String& mimeType, const double
ImageData* imageData = toImageData(sourceBuffer, SnapshotReasonToDataURL); ImageData* imageData = toImageData(sourceBuffer, SnapshotReasonToDataURL);
if (!imageData) // allocation failure
return String("data:,");
return ImageDataBuffer(imageData->size(), imageData->data()->data()).toDataURL(encodingMimeType, quality); return ImageDataBuffer(imageData->size(), imageData->data()->data()).toDataURL(encodingMimeType, quality);
} }
...@@ -746,6 +749,12 @@ void HTMLCanvasElement::toBlob(BlobCallback* callback, const String& mimeType, c ...@@ -746,6 +749,12 @@ void HTMLCanvasElement::toBlob(BlobCallback* callback, const String& mimeType, c
ImageData* imageData = toImageData(BackBuffer, SnapshotReasonToBlob); ImageData* imageData = toImageData(BackBuffer, SnapshotReasonToBlob);
if (!imageData) {
// ImageData allocation faillure
TaskRunnerHelper::get(TaskType::CanvasBlobSerialization, &document())->postTask(BLINK_FROM_HERE, WTF::bind(&BlobCallback::handleEvent, wrapPersistent(callback), nullptr));
return;
}
CanvasAsyncBlobCreator* asyncCreator = CanvasAsyncBlobCreator::create(imageData->data(), encodingMimeType, imageData->size(), callback, startTime, document()); CanvasAsyncBlobCreator* asyncCreator = CanvasAsyncBlobCreator::create(imageData->data(), encodingMimeType, imageData->size(), callback, startTime, document());
bool useIdlePeriodScheduling = (encodingMimeType != "image/webp"); bool useIdlePeriodScheduling = (encodingMimeType != "image/webp");
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment