canvas flickers when not drawn on
Reported by
didi.tab...@gmail.com,
Jan 23 2018
Issue description

Steps to reproduce the problem:
1. have several canvas stacked, one (for background) being not cleared and drawn each frame
2. draw on all canvas
3. Stop clearing and drawing on this canvas, keep on clearing and drawing on the other canvas.

What is the expected behavior?
The still background canvas should stay still, like it used to do.

What went wrong?
Now it flickers, briefly becoming black. Worse: sometimes, instead of black, it briefly displays what was on this canvas back while in a previous session! For example I had some red text displaying for testing and debugging purpose, then, with this red text now disabled, after reloading the page (and so the game), and going through several screens in the game, the red text suddenly appeared briefly. Such 'screenshots' issues happened several times during my testing. This is a serious security issue. Same thing could happen in a bank webapp using canvas, then a 'screenshot' of the previous user's confidential data would briefly appear on the next user's screen!

Did this work before? Yes Can't check. All I can say is that it worked two months ago, and I only noticed it a week ago.

Chrome version: 63.0.3239.111
Channel: stable
OS Version: 4.4.2
Flash Version: Shockwave Flash 26.0 r0

While doing tests, I found this weird detail: If I just add a line to draw something on this canvas at each frame, just ctx.fillRect(0,0,50,50); , then the problem stops, no more brief black screen or ghost of previous session, only because the canvas keeps being updated. If I disable this line and let the canvas be still, then the problem happens again. So it has got something to do with the way chrome updates the display of stacked canvas, the bug happens when one of the canvas has not changed since last update.
,
Jan 23 2018
I will create a simple example to show you, for investigating on the whole game would be uselessly too complicated.
,
Jan 23 2018
,
Jan 25 2018
For the moment I don't get to replicate it in a simple example. The game's code is huge and compressed so unreadable. This is why I try to write a simple, clear and easy to read, example. For some reason the bug does not happen in it, there must be something done in the game that is needed to be done in order for the bug to happen. I am still searching.

Here is a video showing: http://diegotests.altervista.org/bugs/20180122_bg_flickering/MVI_2305_2.mp4
Here is a copy of my game: http://diegotests.altervista.org/html5_games/8bpkwr_20180122/index.php

I need to point something out. When I come back to the title screen at the end of the video, you can see the previous screen, the table of save games, flashing. Between the two screens, the canvas this table was drawn on was cleared, and the picture it was made of was unloaded from memory. So it is a 'screenshot' of a previous state of the canvas. Such 'screenshot' sometimes comes back after I reload the page. This is why I think it is a security issue. It could be another user's confidential data, it should not stay in memory like this and appear.

(By the way, while searching if the bug was already reported I read about a money reward for reporting security related bugs. If it is confirmed that this bug is a security bug like I think it is, is there a chance I get a reward?)
,
Jan 25 2018
@didi.tablette: Thanks for the report!! Could you please help us with a sample file where you're seeing this issue and also provide details of your device, that would help us in triaging the issue. Thanks!!
,
Jan 26 2018
I found out that in order for the bug to happen it needs several things:
- There first must be a globalCompositeOperation operation on a canvas which is drawn on the still canvas.
- Something must be drawn on the canvas on top of the still canvas too.

I got to make a very simple example that makes the bug happen. Here: http://diegotests.altervista.org/bugs/20180122_bg_flickering/1.htm

In Chrome on a computer, everything is ok. On my tablet it is flashing every time it stops drawing on the canvas.

Video: http://diegotests.altervista.org/bugs/20180122_bg_flickering/MVI_2308_2.mp4

My tablet: iFive Mini 3 (aka Haier mini Pad 781), Android 4.4.2, RK3188 SOC, 1GB RAM, 1240x768

Unfortunately I do not have any other android device to try on at the moment.
,
Jan 26 2018
Thank you for providing more feedback. Adding requester "sandeepkumars@chromium.org" to the cc list and removing "Needs-Feedback" label. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
,
Feb 19 2018
,
Feb 21 2018
,
Feb 22 2018
Tested the issue using #64.0.3282.137 on Sony 4.4.4; C6902 Build/14.4.A.0.108 and could not see any flickering by navigating to http://diegotests.altervista.org/bugs/20180122_bg_flickering/1.htm Unable to check the issue on iFive Mini 3 as we don't have mentioned device with us. Hence removing Needs-TestConfirmation Needs-Bisect labels for now, Please add it back if required. @didi: Could you please update Chrome to #64.0.3282.137 and check if you still face the issue? Thanks!!!
,
Apr 13 2018
Ping @didi: Can you still reproduce this issue with a current version of Chrome?
,
Apr 16 2018
(oops, so sorry I didn't see that post in February) Yes, it is still happening on Chrome 65.0.3325.109
,
Apr 24 2018
Re-triaging as a compositing bug.
,
Apr 24 2018
I am unable to repro with the hardware at my disposal. This looks like a bug with layer visibility -> flagging the Compositor team.
,
Apr 24 2018
Anything that only repros on a single device is most likely GPU, unless it triggers the low-end device systems. I don't think this one does.
,
Apr 24 2018
At present, there's no indication that this is a security issue. There would be a security issue here only in the event that a "polluted" canvas were readable via JavaScript (e.g. if a call to canvas.toDataURL() returned the lingering pixels). If we were able to come up with a repro that resulted in unexpected data in the PNG returned by toDataURL, *that* would potentially be a security issue. Based on the text here, that's not what's happening, and instead what we have here is solely a visual corruption that cannot be abused by a malicious site.
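
The check described in the comment above (whether lingering pixels on a cleared canvas are readable from script), as an added example that is not part of the original thread or of Chromium's code. The function names and the constructed sample buffer are assumptions, and `probeClearedCanvas` assumes a same-origin 2D canvas in a browser:

```javascript
// Added example (not Chromium code); function names are hypothetical.
// Scans an RGBA buffer, as returned by getImageData().data, for any pixel
// that is not transparent black, the state a cleared canvas must have.
function findResidualPixels(rgba, width, height) {
  if (rgba.length !== width * height * 4) {
    throw new RangeError('buffer size does not match width * height * 4');
  }
  let count = 0;
  let minX = width, minY = height, maxX = -1, maxY = -1;
  for (let y = 0; y < height; y++) {
    for (let x = 0; x < width; x++) {
      const i = (y * width + x) * 4;
      if (rgba[i] | rgba[i + 1] | rgba[i + 2] | rgba[i + 3]) {
        count++;
        minX = Math.min(minX, x); maxX = Math.max(maxX, x);
        minY = Math.min(minY, y); maxY = Math.max(maxY, y);
      }
    }
  }
  return { count, box: count ? { minX, minY, maxX, maxY } : null };
}

// Browser only: read back a canvas the page has just cleared and report
// whether script can see leftover pixels through getImageData/toDataURL.
function probeClearedCanvas(canvas) {
  const ctx = canvas.getContext('2d');
  const { width, height } = canvas;
  const pixels = ctx.getImageData(0, 0, width, height).data;
  const blank = document.createElement('canvas');
  blank.width = width;
  blank.height = height;
  return {
    residual: findResidualPixels(pixels, width, height),
    pngMatchesBlank: canvas.toDataURL() === blank.toDataURL(),
  };
}

// Constructed sample: a 4x3 "cleared" buffer with two stray opaque red pixels.
function makeSampleBuffer() {
  const buf = new Uint8ClampedArray(4 * 3 * 4);
  for (const [x, y] of [[1, 0], [3, 2]]) {
    buf.set([255, 0, 0, 255], (y * 4 + x) * 4);
  }
  return buf;
}

console.log(findResidualPixels(makeSampleBuffer(), 4, 3));
```

A result of `count: 0` and `pngMatchesBlank: true` on the still canvas right after `clearRect` means the flicker is display-only; any other result is the script-readable case the comment calls a potential security issue.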
,
Apr 24 2018
GPU is "Mali-400 MP4", in Rockchip RK3188 SOC. Talking about GPU and composition, this reminds me that while working on a game of mine using Crosswalk, starting it with "xwalk --ignore-gpu-blacklist --show-fps-counter --ui-show-fps-counter" commands, it said that some hardware composition acceleration feature (sorry I do not remember the right name) could not be used on this tablet because the GPU is not compatible. And while this game is sluggish in Crosswalk, it is a LOT faster in Chrome. And Crosswalk is basically just an old version of Chrome. So maybe Chrome is now forcing this feature on, ignoring that this GPU can't handle it correctly. How can I check ?
,
Jan 13
Still happening as of v71.0.3578.99. And I just saw the same bug on another tablet, a Chuwi VX3, SOC is Mediatek MT6592, GPU is Mali450.
Comment 1 by didi.tab...@gmail.com
, Jan 23 2018