Bug 791905 - reject WebGL canvas sizes greater than INT_MAX - r=jgilbert
authorBenoit Jacob <bjacob@mozilla.com>
Thu, 27 Sep 2012 10:13:45 -0400
changeset 114607 3d81919584ff2fbebb0a22cdb316dbd6b22b2e9e
parent 114606 ac136b93a1a343276991a444107a56fdcd6b1f2c
child 114608 550c5ac80046e7d378b201f53cd043546846ca00
push id1708
push userakeybl@mozilla.com
push dateMon, 19 Nov 2012 21:10:21 +0000
reviewersjgilbert
bugs791905
milestone18.0a1
Bug 791905 - reject WebGL canvas sizes greater than INT_MAX - r=jgilbert
content/canvas/src/WebGLContext.cpp
--- a/content/canvas/src/WebGLContext.cpp
+++ b/content/canvas/src/WebGLContext.cpp
@@ -324,21 +324,28 @@ WebGLContext::SetContextOptions(nsIPrope
 
     mOptions = newOpts;
     return NS_OK;
 }
 
 NS_IMETHODIMP
 WebGLContext::SetDimensions(int32_t width, int32_t height)
 {
-    /*** early success return cases ***/
+    // Early error return cases
+
+    if (width < 0 || height < 0) {
+        GenerateWarning("Canvas size is too large (seems like a negative value wrapped)");
+        return NS_ERROR_OUT_OF_MEMORY;
+    }
 
     if (!GetCanvas())
         return NS_ERROR_FAILURE;
 
+    // Early success return cases
+
     GetCanvas()->InvalidateCanvas();
 
     if (gl && mWidth == width && mHeight == height)
         return NS_OK;
 
     // Zero-sized surfaces can cause problems.
     if (width == 0 || height == 0) {
         width = 1;
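Review bot: The new guard at the top of SetDimensions rejects only sizes that wrapped negative; a large positive width and height still pass it, and nothing visible in this hunk bounds their product before the surface is created. If code further down (outside the hunk) derives a byte count from `width * height` in 32-bit arithmetic, it needs a checked integer type or an explicit upper bound at this point. The check also deserves a comment saying why negative means too large, for example `// width/height are int32_t; an unsigned canvas size above INT_MAX arrives here as a negative value`, because the warning text on its own ("a negative value wrapped") reads backwards. SetDimensions continues past the end of this hunk.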
@@ -357,20 +364,19 @@ WebGLContext::SetDimensions(int32_t widt
         mHeight = gl->OffscreenActualSize().height;
         mResetLayer = true;
 
         gl->ClearSafely();
 
         return NS_OK;
     }
 
-    /*** End of early success return cases.
-     *** At this point we know that we're not just resizing an existing context,
-     *** we are initializing a new context.
-     ***/
+    // End of early return cases.
+    // At this point we know that we're not just resizing an existing context,
+    // we are initializing a new context.
 
     // if we exceeded either the global or the per-principal limit for WebGL contexts,
     // lose the oldest-used context now to free resources. Note that we can't do that
     // in the WebGLContext constructor as we don't have a canvas element yet there.
     // Here is the right place to do so, as we are about to create the OpenGL context
     // and that is what can fail if we already have too many.
     LoseOldestWebGLContextIfLimitExceeded();