[webkit-reviews] review granted: [Bug 23212] Crash in HTMLCanvasElement : [Attachment 26572] Patch
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Mon Apr 6 01:22:57 PDT 2009
Eric Seidel <eric at webkit.org> has granted 's request for review:
Bug 23212: Crash in HTMLCanvasElement
https://bugs.webkit.org/show_bug.cgi?id=23212
Attachment 26572: Patch
https://bugs.webkit.org/attachment.cgi?id=26572&action=review
------- Additional Comments from Eric Seidel <eric at webkit.org>
I recommend we land this w/o test case. I just attempted to make one and found
bug 25055. The test case I've attached to bug 25055 could possibly catch this
on some platforms.
This exact crash is sorta protected against by
IntSize HTMLCanvasElement::convertLogicalToDevice(const FloatSize& logicalSize)
const
which makes sure that logicalSize is < MaxCanvasSize. however testing max
canvas size (as I did in bug 25055) reveals that we fail in other parts of the
code (making it difficult to test for a crash here on platforms that might fail
earlier than CG does.
Mike, since I can never remember if you have commit-bit or not, I'll land this,
with additional information in the ChangeLog about why a test case could not be
created.
More information about the webkit-reviews
mailing list