- Revision
- 185603
- Author
- commit-qu...@webkit.org
- Date
- 2015-06-16 12:50:59 -0700 (Tue, 16 Jun 2015)
Log Message
Canvas dimensions should be limited to 4096x4096 pixels on iOS devices.
https://bugs.webkit.org/show_bug.cgi?id=145998
Patch by Said Abou-Hallawa <sabouhall...@apple.com> on 2015-06-16
Reviewed by Darin Adler.
Source/WebCore:
The value of MaxCanvasArea should depend on the platform. If the platform
is iOS, the limit should be 64M. Otherwise the limit should be 1G.
Test: fast/canvas/pattern-too-large-to-create-2.html
* html/HTMLCanvasElement.cpp: Change MaxCanvasArea value based on the platform.
* rendering/svg/RenderSVGShape.h:
(WebCore::RenderSVGShape::graphicsElement): Remove un-implemented constructor.
LayoutTests:
* fast/canvas/canvas-toDataURL-crash-expected.txt:
* fast/canvas/pattern-too-large-to-create-expected.txt: Change the expected
results due to changing the type of MaxCanvasArea from float to unsigned.
* fast/canvas/canvas-too-large-to-draw-expected.txt: Added.
* fast/canvas/canvas-too-large-to-draw.html: Added.
Modified Paths
Added Paths
Diff
Modified: trunk/LayoutTests/ChangeLog (185602 => 185603)
--- trunk/LayoutTests/ChangeLog 2015-06-16 19:47:49 UTC (rev 185602)
+++ trunk/LayoutTests/ChangeLog 2015-06-16 19:50:59 UTC (rev 185603)
@@ -1,3 +1,17 @@
+2015-06-16 Said Abou-Hallawa <sabouhall...@apple.com>
+
+ Canvas dimensions should be limited to 4096x4096 pixels on iOS devices.
+ https://bugs.webkit.org/show_bug.cgi?id=145998
+
+ Reviewed by Darin Adler.
+
+ * fast/canvas/canvas-toDataURL-crash-expected.txt:
+ * fast/canvas/pattern-too-large-to-create-expected.txt: Change the expected
+ results due to changing the type of MaxCanvasArea from float to unsigned.
+
+ * fast/canvas/canvas-too-large-to-draw-expected.txt: Added.
+ * fast/canvas/canvas-too-large-to-draw.html: Added.
+
2015-06-16 Alexey Proskuryakov <a...@apple.com>
REGRESSION: js/dom/navigator-plugins-crash.html asserts a lot
Modified: trunk/LayoutTests/fast/canvas/canvas-toDataURL-crash-expected.txt (185602 => 185603)
--- trunk/LayoutTests/fast/canvas/canvas-toDataURL-crash-expected.txt 2015-06-16 19:47:49 UTC (rev 185602)
+++ trunk/LayoutTests/fast/canvas/canvas-toDataURL-crash-expected.txt 2015-06-16 19:50:59 UTC (rev 185603)
@@ -1,4 +1,4 @@
-CONSOLE MESSAGE: line 6: Canvas area exceeds the maximum limit (width * height > 2.68435e+8).
+CONSOLE MESSAGE: line 6: Canvas area exceeds the maximum limit (width * height > 268435456).
PASS
Calling toDataURL() on a huge canvas shouldn't crash. If the text above is "PASS", the test passed.
Added: trunk/LayoutTests/fast/canvas/canvas-too-large-to-draw-expected.txt (0 => 185603)
--- trunk/LayoutTests/fast/canvas/canvas-too-large-to-draw-expected.txt (rev 0)
+++ trunk/LayoutTests/fast/canvas/canvas-too-large-to-draw-expected.txt 2015-06-16 19:50:59 UTC (rev 185603)
@@ -0,0 +1,2 @@
+CONSOLE MESSAGE: line 35: Canvas area exceeds the maximum limit (width * height > 268435456).
+
Added: trunk/LayoutTests/fast/canvas/canvas-too-large-to-draw.html (0 => 185603)
--- trunk/LayoutTests/fast/canvas/canvas-too-large-to-draw.html (rev 0)
+++ trunk/LayoutTests/fast/canvas/canvas-too-large-to-draw.html 2015-06-16 19:50:59 UTC (rev 185603)
@@ -0,0 +1,38 @@
+<!DOCTYPE html>
+<html>
+<head>
+ <style>
+ canvas {
+ width: 100px;
+ height: 100px;
+ background-color: red;
+ }
+ </style>
+</head>
+<body>
+ <canvas id="canvas1"></canvas>
+ <canvas id="canvas2"></canvas>
+ <script>
+ if (window.testRunner)
+ window.testRunner.dumpAsText();
+
+ var iOSPlatform = navigator.userAgent.search(/\biPhone OS\b/) != -1;
+ var MAX_WIDTH = iOSPlatform ? Math.pow(2, 12) : Math.pow(2, 14);
+ var MAX_HEIGHT = iOSPlatform ? Math.pow(2, 12) : Math.pow(2, 14);
+
+ function fillCanvas(id, width, height) {
+ var canvas = document.getElementById(id);
+ canvas.width = width;
+ canvas.height = height;
+
+ var ctx = canvas.getContext("2d");
+
+ ctx.fillStyle = "lime";
+ ctx.fillRect(0, 0, width, height);
+ }
+
+ fillCanvas("canvas1", MAX_WIDTH, MAX_HEIGHT);
+ fillCanvas("canvas2", MAX_WIDTH + 1, MAX_HEIGHT);
+ </script>
+</body>
+</html>
Modified: trunk/LayoutTests/fast/canvas/pattern-too-large-to-create-expected.txt (185602 => 185603)
--- trunk/LayoutTests/fast/canvas/pattern-too-large-to-create-expected.txt 2015-06-16 19:47:49 UTC (rev 185602)
+++ trunk/LayoutTests/fast/canvas/pattern-too-large-to-create-expected.txt 2015-06-16 19:50:59 UTC (rev 185603)
@@ -1,2 +1,2 @@
-CONSOLE MESSAGE: line 18: Canvas area exceeds the maximum limit (width * height > 2.68435e+8).
+CONSOLE MESSAGE: line 18: Canvas area exceeds the maximum limit (width * height > 268435456).
PASS: Saw exception.
Modified: trunk/Source/WebCore/ChangeLog (185602 => 185603)
--- trunk/Source/WebCore/ChangeLog 2015-06-16 19:47:49 UTC (rev 185602)
+++ trunk/Source/WebCore/ChangeLog 2015-06-16 19:50:59 UTC (rev 185603)
@@ -1,3 +1,20 @@
+2015-06-16 Said Abou-Hallawa <sabouhall...@apple.com>
+
+ Canvas dimensions should be limited to 4096x4096 pixels on iOS devices.
+ https://bugs.webkit.org/show_bug.cgi?id=145998
+
+ Reviewed by Darin Adler.
+
+ The value of MaxCanvasArea should depend on the platform. If the platform
+ is iOS, the limit should be 64M. Otherwise the limit should be 1G.
+
+ Test: fast/canvas/pattern-too-large-to-create-2.html
+
+ * html/HTMLCanvasElement.cpp: Change MaxCanvasArea value based on the platform.
+
+ * rendering/svg/RenderSVGShape.h:
+ (WebCore::RenderSVGShape::graphicsElement): Remove un-implemented constructor.
+
2015-06-16 Chris Dumez <cdu...@apple.com>
REGRESSION(r185012): chat frame in Gmail now says "Something's not right"
Modified: trunk/Source/WebCore/html/HTMLCanvasElement.cpp (185602 => 185603)
--- trunk/Source/WebCore/html/HTMLCanvasElement.cpp 2015-06-16 19:47:49 UTC (rev 185602)
+++ trunk/Source/WebCore/html/HTMLCanvasElement.cpp 2015-06-16 19:50:59 UTC (rev 185603)
@@ -67,7 +67,11 @@
// Firefox limits width/height to 32767 pixels, but slows down dramatically before it
// reaches that limit. We limit by area instead, giving us larger maximum dimensions,
// in exchange for a smaller maximum canvas size. The maximum canvas size is in device pixels.
-static const float MaxCanvasArea = 16384 * 16384;
+#if PLATFORM(IOS)
+static const unsigned MaxCanvasArea = 4096 * 4096;
+#else
+static const unsigned MaxCanvasArea = 16384 * 16384;
+#endif
HTMLCanvasElement::HTMLCanvasElement(const QualifiedName& tagName, Document& document)
: HTMLElement(tagName, document)
Modified: trunk/Source/WebCore/rendering/svg/RenderSVGShape.h (185602 => 185603)
--- trunk/Source/WebCore/rendering/svg/RenderSVGShape.h 2015-06-16 19:47:49 UTC (rev 185602)
+++ trunk/Source/WebCore/rendering/svg/RenderSVGShape.h 2015-06-16 19:50:59 UTC (rev 185603)
@@ -46,7 +46,6 @@
class RenderSVGShape : public RenderSVGModelObject {
public:
RenderSVGShape(SVGGraphicsElement&, Ref<RenderStyle>&&);
- RenderSVGShape(SVGGraphicsElement&, Ref<RenderStyle>&&, Path*, bool);
virtual ~RenderSVGShape();
SVGGraphicsElement& graphicsElement() const { return downcast<SVGGraphicsElement>(RenderSVGModelObject::element()); }