[Webkit-unassigned] [Bug 159586] New: Infinite Canvas context save() causes WebKit to crash

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Fri Jul 8 16:34:48 PDT 2016


https://bugs.webkit.org/show_bug.cgi?id=159586

            Bug ID: 159586
           Summary: Infinite Canvas context save() causes WebKit to crash
    Classification: Unclassified
           Product: WebKit
           Version: WebKit Nightly Build
          Hardware: Unspecified
                OS: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: Canvas
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: sabouhallawa at apple.com
                CC: dino at apple.com

Created attachment 283216
  --> https://bugs.webkit.org/attachment.cgi?id=283216&action=review
canvas-context-infinite-save

If a developer adds a call to CanvasRenderingContext2D.save() in an animation without adding the corresponding CanvasRenderingContext2D.restore(), WebKit might end up crashing. Neither the code nor the specs specifies any limit on how many context states can be saved.

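An added example, not part of the bug report or of WebKit's code: a page-side guard that counts save()/restore() calls on a 2D context and fails fast when an animation loop leaks saved states, plus a helper that always pairs the two. The names guardSaveDepth, withSavedState and makeMockContext and the cap of 64 are assumptions made for illustration; the mock context stands in for CanvasRenderingContext2D so the block runs outside a browser.

```javascript
// Wrap ctx.save()/ctx.restore() to track the state-stack depth.
// maxDepth is an arbitrary, constructed limit (the spec defines none).
function guardSaveDepth(ctx, maxDepth = 64) {
  let depth = 0;
  const save = ctx.save.bind(ctx);
  const restore = ctx.restore.bind(ctx);
  ctx.save = () => {
    if (depth >= maxDepth) {
      throw new RangeError(`save() depth exceeded ${maxDepth}; missing restore()?`);
    }
    depth += 1;
    save();
  };
  ctx.restore = () => {
    // restore() on an empty state stack does nothing, so never go below 0.
    if (depth > 0) depth -= 1;
    restore();
  };
  return { depth: () => depth };
}

// Pair every save() with a restore(), even if the drawing code throws.
function withSavedState(ctx, draw) {
  ctx.save();
  try { return draw(ctx); } finally { ctx.restore(); }
}

// Constructed stand-in for a 2D context: only models the state stack.
function makeMockContext() {
  const stack = [];
  return { stack, save() { stack.push({}); }, restore() { stack.pop(); } };
}

// Run `frames` animation frames and report what the guard observed.
function runFrames(frame, frames, maxDepth) {
  const ctx = makeMockContext();
  const guard = guardSaveDepth(ctx, maxDepth);
  let error = null;
  try {
    for (let i = 0; i < frames; i++) frame(ctx);
  } catch (e) { error = e; }
  return { depth: guard.depth(), stackSize: ctx.stack.length, error };
}

// The pattern from the report (save without restore) and the balanced form.
const leaky = (ctx) => { ctx.save(); /* draw; restore() is missing */ };
const balanced = (ctx) => withSavedState(ctx, () => { /* draw */ });
```
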