New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.
Starred by 2 users
Status: Fixed
Closed: Apr 2017
EstimatedDays: ----
NextAction: ----
OS: Windows
Pri: 1
Type: Bug

issue 563816

Sign in to add a comment
[OffscreenCanvas] Crash uploading canvas as WebGL texture
Reported by, Feb 25 2017 Back to list
UserAgent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3023.0 Safari/537.36

Steps to reproduce the problem:
Note: enable 'experimental canvas features' in chrome://flags

1. Visit
2. Click 'Crash'

What is the expected behavior?
The page creates an OffscreenCanvas with a WebGL context. When you click the button it creates a temporary DOM canvas and tries to upload it to a WebGL texture via texImage2D(). This should succeed.

What went wrong?
The texImage2D call crashes the whole browser tab.

Did this work before? N/A 

Does this work in other browsers? N/A

Chrome version: 58.0.3023.0  Channel: canary
OS Version: 10.0
Flash Version: Shockwave Flash 25.0 r0

Interestingly it also crashes Firefox Nightly.

Comment 1 by, Feb 27 2017
Labels: Needs-Triage-M58
Comment 2 by, Feb 27 2017
Labels: -Needs-Triage-M58 M-59
Status: Assigned
Comment 3 by, Mar 22 2017
Labels: -Pri-2 Pri-1
Comment 4 by, Mar 23 2017
Blocking: 563816
Comment 5 by, Apr 6 2017
The crash came from  DCHECK_EQ(!canvas(), !!destinationSecurityOrigin); in 
CanvasRenderingContext::wouldTaintOrigin. I think it is because when I implemented this function I didn't consider the webgl case.
Comment 6 by, Apr 7 2017
Status: Started
Project Member Comment 7 by, Apr 13 2017
The following revision refers to this bug:

commit a618ae85f99de9dfcd3596d40e247b92b52eb745
Author: xlai <>
Date: Thu Apr 13 18:04:52 2017

Make OffscreenCanvas WebGL(2) context consider taintedness of image source

BUG= 696222;master.tryserver.chromium.linux:linux_optional_gpu_tests_rel;master.tryserver.chromium.mac:mac_optional_gpu_tests_rel;

Cr-Commit-Position: refs/heads/master@{#464467}


Comment 8 by, Apr 13 2017
Status: Fixed
ash@, you are rockstar for reporting this! xlai@, it's fixed! :)
Comment 9 by, Apr 18 2017
Labels: Needs-Feedback
Tested on windows 10 & 7 using chrome Dev M59 #59.0.3071.9 and followed below steps to verify:

1.Enabled 'experimental canvas features' in chrome://flags 
2.Launched chrome and navigated to "" and clicked crash  , nothing happened and observed  console error message.

Attached screencast for reference.

@Could someone please check the attached screencast and confirm us if this is the expected result or steps to verify the issue if we had missed out anything.


1.4 MB View Download
Comment 10 by, Apr 18 2017
This issue was marked fixed and I can verify it no longer reproduces in Canary, so I think it's all solved now?
Comment 11 by, Apr 18 2017
Labels: -Needs-Feedback
Yes it's already resolved.
Sign in to add a comment