Project: chromium Issues People Development process History Sign in
New issue
Advanced search Search tips
Starred by 2 users
Status: Fixed
Closed: Apr 13
EstimatedDays: ----
NextAction: ----
OS: Windows
Pri: 1
Type: Bug

issue 563816

Sign in to add a comment
[OffscreenCanvas] Crash uploading canvas as WebGL texture
Reported by, Feb 25 2017 Back to list
UserAgent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3023.0 Safari/537.36

Steps to reproduce the problem:
Note: enable 'experimental canvas features' in chrome://flags

1. Visit
2. Click 'Crash'

What is the expected behavior?
The page creates an OffscreenCanvas with a WebGL context. When you click the button it creates a temporary DOM canvas and tries to upload it to a WebGL texture via texImage2D(). This should succeed.

What went wrong?
The texImage2D call crashes the whole browser tab.

Did this work before? N/A 

Does this work in other browsers? N/A

Chrome version: 58.0.3023.0  Channel: canary
OS Version: 10.0
Flash Version: Shockwave Flash 25.0 r0

Interestingly it also crashes Firefox Nightly.

Comment 1 by, Feb 27 2017
Labels: Needs-Triage-M58
Comment 2 by, Feb 27 2017
Labels: -Needs-Triage-M58 M-59
Status: Assigned
Labels: -Pri-2 Pri-1
Blocking: 563816
The crash came from  DCHECK_EQ(!canvas(), !!destinationSecurityOrigin); in 
CanvasRenderingContext::wouldTaintOrigin. I think it is because when I implemented this function I didn't consider the webgl case.
Status: Started
Project Member Comment 7 by, Apr 13
The following revision refers to this bug:

commit a618ae85f99de9dfcd3596d40e247b92b52eb745
Author: xlai <>
Date: Thu Apr 13 18:04:52 2017

Make OffscreenCanvas WebGL(2) context consider taintedness of image source

BUG= 696222;master.tryserver.chromium.linux:linux_optional_gpu_tests_rel;master.tryserver.chromium.mac:mac_optional_gpu_tests_rel;

Cr-Commit-Position: refs/heads/master@{#464467}


Status: Fixed
ash@, you are rockstar for reporting this! xlai@, it's fixed! :)
Labels: Needs-Feedback
Tested on windows 10 & 7 using chrome Dev M59 #59.0.3071.9 and followed below steps to verify:

1.Enabled 'experimental canvas features' in chrome://flags 
2.Launched chrome and navigated to "" and clicked crash  , nothing happened and observed  console error message.

Attached screencast for reference.

@Could someone please check the attached screencast and confirm us if this is the expected result or steps to verify the issue if we had missed out anything.


1.4 MB View Download
This issue was marked fixed and I can verify it no longer reproduces in Canary, so I think it's all solved now?
Labels: -Needs-Feedback
Yes it's already resolved.
Sign in to add a comment