createImageBitmap's DstBufferSizeHasOverflow check is too strict
Reported by
ms2...@gmail.com,
Jan 4 2018
|
|||||||||
Issue descriptionUserAgent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:57.0) Gecko/20100101 Firefox/57.0 Steps to reproduce the problem: DstBufferSizeHasOverflow is called on the uncropped rectangle, and rejects if that is too large. However, the rectangle will be cropped after this check, leading Chromium to reject arguments when it is not necessary. What is the expected behavior? Promise resolved, matching either WebKit or Gecko. What went wrong? Promise rejected. Did this work before? N/A Does this work in other browsers? Yes Chrome version: 63.0.3239.9 (Official Build) dev (64-bit) Channel: dev OS Version: Flash Version:
,
Jan 4 2018
,
Jan 9 2018
,
Jan 23 2018
I think the Chromium behavior is correct. The standard says: https://html.spec.whatwg.org/multipage/imagebitmap-and-animations.html#dom-createimagebitmap "If sx, sy, sw, and sh arguments are provided, the source image is cropped to the given pixels, with any pixels missing in the original replaced by transparent black. These coordinates are in the source image's pixel coordinate space, not in CSS pixels." AFACT this means that we crop the source, but the ImageBitmap, if resolved, must have sw x sh pixels. In your example, Chromium rejects the promise because it cannot allocate the requested memory. @junov: WDYT?
,
Jan 23 2018
@#4: I'm not sure whether what Chrome is doing is Okay. The spec is often vague about how to deal with internal allocation failures. For canvas related APIs, we generally try to fail silently. For example, in the attached example, the HTMLCanvasElement API does not throw due to allocation failure. It presumably just draws nothing due to internal failure. We should try to stay true to that principle in CreateImageBitmap. There is another side to the argument though: Because this is a promise-based API, we can reject the promise with an exception, which allows user code to detect errors and apply their own mitigations, and at the same time, it does not crash the current task if the error is not handled. So it is kind of nice to do it that way. Either way, we should debate this in a whatwg issue and clarify the spec if needed.
,
Jan 24 2018
Related spec issue: https://github.com/whatwg/html/issues/3323
,
Jan 24 2018
,
Mar 5 2018
I'm preparing a CL to perform the buffer size check after intersecting the input size with the sourceRect. If the size overflows unsigned, we throw RangeError DOMException and reject the promise.
Looking at the spec, I would like to also have a clarification on clipping. The current behavior of chromium is that if the intersection of input and sourceRect is empty, it creates a transparent black image with the size of sourceRect and returns that. That is:
var source = document.createElement("canvas");
createImageBitmap(source, 299, 149, 1000, 1000);
resolves with a 1x1 ImageBitmap, but:
var source = document.createElement("canvas");
createImageBitmap(source, 300, 150, 1000, 1000);
resolves with a 1000x1000 transparent black bitmap. Is this the expected clipping behavior? Firefox does the same, but since Firefox also resolves 10^7x10^7 bitmap I'm not sure what happens there.
This also clarifies what we should do when the size of the input or sourceRect are zero.
,
Mar 5 2018
,
Jul 25
,
Oct 15
,
Oct 15
|
|||||||||
►
Sign in to add a comment |
|||||||||
Comment 1 by ms2...@gmail.com
, Jan 4 2018