
Issue metadata

Status: Fixed
Closed: Apr 2017
EstimatedDays: ----
NextAction: ----
OS: Windows
Pri: 1
Type: Bug

issue 563816


[OffscreenCanvas] Crash uploading canvas as WebGL texture

Reported by, Feb 25 2017

Issue description

UserAgent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3023.0 Safari/537.36

Steps to reproduce the problem:
Note: enable 'experimental canvas features' in chrome://flags

1. Visit
2. Click 'Crash'

What is the expected behavior?
The page creates an OffscreenCanvas with a WebGL context. When you click the button it creates a temporary DOM canvas and tries to upload it to a WebGL texture via texImage2D(). This should succeed.

What went wrong?
The texImage2D call crashes the whole browser tab.

Did this work before? N/A 

Does this work in other browsers? N/A

Chrome version: 58.0.3023.0  Channel: canary
OS Version: 10.0
Flash Version: Shockwave Flash 25.0 r0

Interestingly it also crashes Firefox Nightly.


Comment 1 by, Feb 27 2017

Labels: Needs-Triage-M58

Comment 2 by, Feb 27 2017

Labels: -Needs-Triage-M58 M-59
Status: Assigned (was: Unconfirmed)

Comment 3 by, Mar 22 2017

Labels: -Pri-2 Pri-1

Comment 4 by, Mar 23 2017

Blocking: 563816

Comment 5 by, Apr 6 2017

The crash came from DCHECK_EQ(!canvas(), !!destinationSecurityOrigin); in CanvasRenderingContext::wouldTaintOrigin. I think it is because when I implemented this function I didn't consider the WebGL case.

Comment 6 by, Apr 7 2017

Status: Started (was: Assigned)
Project Member

Comment 7 by, Apr 13 2017

The following revision refers to this bug:

commit a618ae85f99de9dfcd3596d40e247b92b52eb745
Author: xlai <>
Date: Thu Apr 13 18:04:52 2017

Make OffscreenCanvas WebGL(2) context consider taintedness of image source

BUG= 696222;master.tryserver.chromium.linux:linux_optional_gpu_tests_rel;master.tryserver.chromium.mac:mac_optional_gpu_tests_rel;

Cr-Commit-Position: refs/heads/master@{#464467}


Comment 8 by, Apr 13 2017

Status: Fixed (was: Started)
ash@, you are a rockstar for reporting this! xlai@, it's fixed! :)

Comment 9 by, Apr 18 2017

Labels: Needs-Feedback
Tested on Windows 10 & 7 using Chrome Dev M59 #59.0.3071.9 and followed the steps below to verify:

1. Enabled 'experimental canvas features' in chrome://flags
2. Launched Chrome, navigated to "" and clicked crash; nothing happened, and observed a console error message.

Attached screencast for reference.

Could someone please check the attached screencast and confirm whether this is the expected result, or share steps to verify the issue if we missed anything?



Comment 10 by, Apr 18 2017

This issue was marked fixed and I can verify it no longer reproduces in Canary, so I think it's all solved now?

Comment 11 by, Apr 18 2017

Labels: -Needs-Feedback
Yes it's already resolved.
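
The upload from the issue description can be kept as a regression check. The following is an added example, not code from this issue or from Chromium: it repeats the OffscreenCanvas WebGL upload of a DOM canvas and classifies the outcome, including the SecurityError that WebGL raises for sources that are not origin-clean. The names uploadCanvasAsTexture and checkOffscreenUpload are assumptions made for this example.

```javascript
// Added example, not from the issue thread or the Chromium tree.
// uploadCanvasAsTexture and checkOffscreenUpload are illustrative names.

// Upload `source` as a 2D texture on `gl` and classify the outcome instead of
// letting an exception escape to the caller.
function uploadCanvasAsTexture(gl, source) {
  const texture = gl.createTexture();
  gl.bindTexture(gl.TEXTURE_2D, texture);
  try {
    gl.texImage2D(gl.TEXTURE_2D, 0, gl.RGBA, gl.RGBA, gl.UNSIGNED_BYTE, source);
    const err = gl.getError();
    return err === gl.NO_ERROR
      ? { ok: true, reason: 'uploaded' }
      : { ok: false, reason: 'gl-error:0x' + err.toString(16) };
  } catch (e) {
    // WebGL rejects sources that are not origin-clean with a SecurityError.
    const tainted = e.name === 'SecurityError';
    return { ok: false, reason: tainted ? 'tainted-source' : 'exception:' + e.name };
  } finally {
    // Runs on every path, so the temporary texture is always released.
    gl.deleteTexture(texture);
  }
}

// Browser-only driver: a WebGL context on an OffscreenCanvas receives a
// temporary DOM canvas, as in the steps of the issue description.
function checkOffscreenUpload() {
  if (typeof OffscreenCanvas === 'undefined' || typeof document === 'undefined') {
    return { ok: false, reason: 'unsupported' };
  }
  const gl = new OffscreenCanvas(64, 64).getContext('webgl');
  if (!gl) {
    return { ok: false, reason: 'no-webgl' };
  }
  const source = document.createElement('canvas');
  source.width = source.height = 16;
  // Locally drawn pixels only, so the source canvas stays origin-clean.
  source.getContext('2d').fillRect(0, 0, 16, 16);
  return uploadCanvasAsTexture(gl, source);
}

console.log(checkOffscreenUpload());
```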
