Bug 1524418 - Avoid crashing content process with giant drawtarget. r=mstange
authorKartikaya Gupta <kgupta@mozilla.com>
Wed, 27 Feb 2019 17:34:23 +0000
changeset 519365 dd683ef8b0001a7f2915fdef956f8b4c01219db9
parent 519364 31a79abb583d5a0c98be5bef9f20058908ee4d58
child 519366 6579b451a3522d485259f49b1c2378f657c81278
push id10862
push userffxbld-merge
push dateMon, 11 Mar 2019 13:01:11 +0000
reviewersmstange
bugs1524418
milestone67.0a1
Bug 1524418 - Avoid crashing content process with giant drawtarget. r=mstange Differential Revision: https://phabricator.services.mozilla.com/D21230
gfx/tests/crashtests/1524418.html
gfx/tests/crashtests/crashtests.list
gfx/thebes/gfxDrawable.cpp
new file mode 100644
--- /dev/null
+++ b/gfx/tests/crashtests/1524418.html
@@ -0,0 +1,11 @@
+<script>
+window.onload=function() {
+  a.setAttribute('style', 'font-size:3154')
+}
+</script>
+<style>
+* {
+  background-image:url();
+}
+</style>
+<select size='63' id='a'>
--- a/gfx/tests/crashtests/crashtests.list
+++ b/gfx/tests/crashtests/crashtests.list
@@ -178,8 +178,9 @@ load 1508811.html
 load 1508822.html
 load 1509099.html
 load 1513133.html
 load 1496194.html
 load 1505934-1.html
 load 1509123.html
 load 1494062-blob-image-wraplist-clip.html
 load texture-allocator-zero-region.html
+load 1524418.html
--- a/gfx/thebes/gfxDrawable.cpp
+++ b/gfx/thebes/gfxDrawable.cpp
@@ -93,16 +93,19 @@ void gfxSurfaceDrawable::DrawInternal(
 gfxCallbackDrawable::gfxCallbackDrawable(gfxDrawingCallback* aCallback,
                                          const IntSize aSize)
     : gfxDrawable(aSize), mCallback(aCallback) {}
 
 already_AddRefed<gfxSurfaceDrawable> gfxCallbackDrawable::MakeSurfaceDrawable(
     gfxContext* aContext, const SamplingFilter aSamplingFilter) {
   SurfaceFormat format = gfxPlatform::GetPlatform()->Optimal2DFormatForContent(
       gfxContentType::COLOR_ALPHA);
+  if (!aContext->GetDrawTarget()->CanCreateSimilarDrawTarget(mSize, format)) {
+    return nullptr;
+  }
   RefPtr<DrawTarget> dt =
       aContext->GetDrawTarget()->CreateSimilarDrawTarget(mSize, format);
 
   if (!dt || !dt->IsValid()) return nullptr;
 
   RefPtr<gfxContext> ctx = gfxContext::CreateOrNull(dt);
   MOZ_ASSERT(ctx);  // already checked for target above
   Draw(ctx, gfxRect(0, 0, mSize.width, mSize.height), ExtendMode::CLAMP,
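Review bot: The added `CanCreateSimilarDrawTarget(mSize, format)` guard in `gfxCallbackDrawable::MakeSurfaceDrawable` carries no comment explaining why it is needed when the function already returns nullptr on `!dt || !dt->IsValid()` right after the allocation. Going by the commit title, the later check is not reached for an oversized target because the creation call itself takes the content process down, and the crashtest suggests `mSize` can be driven by page styling, so a reader should be told this is a size gate on layout-derived input. A comment such as `// Reject sizes the backend cannot allocate before calling CreateSimilarDrawTarget; an oversized mSize must fail cleanly here (bug 1524418).` would make that explicit. As a style point, `aContext->GetDrawTarget()` is now evaluated twice; hoisting it into a local (`DrawTarget* target = aContext->GetDrawTarget();`) and using it for both the check and the create call keeps the two calls visibly on the same target. The function body continues past the end of this hunk, so how the early nullptr is handled by callers is not visible here.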