[html] Crash when ImageElement.src is not a valid image uri #19948
Comments
|
Crash seems bad. Feel free to re-assign prio and milestone though. Added this to the 1.6 milestone. |
|
leaf : can you take a look at the crash? Set owner to @leafpetersen. |
|
Can you tell me where to get this test file? There's no such file in the dart or dartium repositories that I can find. The fragment above is incomplete, but I tried shortening it to be self contained as follows: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML//EN"> draw(_) { // Create an image with invalid data. ctx = document.createElement("canvas").getContext('2d'); This runs correctly (or at least, does not crash for me) in current dartium/dart bleeding edge. Added NeedsInfo label. |
|
This comment was originally written by Ilya.Vazh...@gmail.com gclient sync updates to some snapshot of co19 tests. To get latest version: cd $dart-ws/tests/co19/src cd ../../../ ./tools/test.py -t10 -ax64 -mrelease -rdrt co19/LayoutTests/fast/canvas/drawImage-with-broken-image #CRASH |
|
This comment was originally written by Ilya.V...@gmail.com To enable running co19 tests on drt target comment the line in config file: $ svn diff tests/co19/co19-dartium.status --- tests/co19/co19-dartium.status (revision 38449) |
|
Great, thanks, I can reproduce. Looking into it. Added Started label. |
|
Ok, there are two things going on here. The first is that we are generating the dart:html bindings from old chrome 34 IDL (see dartbug/20123). In that IDL, the first argument to drawImage was nullable (meaning that the underlying blink code was prepared to deal with null values (by throwing an error). In the new IDL, this argument is no longer nullable, and the underlying blink code will simply crash if passed a null ptr. So, to really fix this, I think we need to do the following:
|
|
This should no longer crash as of https://codereview.chromium.org/469373002/ . |
|
Fixed in r39299 Added Fixed label. |
DartBot
added
Type-Defect
P1
This issue was originally filed by Ilya.Vaz...@gmail.com
Crash on content shell and timeout on dartium
tests/co19/src/LayoutTests/fast/canvas/drawImage-with-broken-image_t01.dart
main() {
var ctx, invalidImage;
draw(_) {
// null images should throw TypeError
shouldThrow(() => ctx.drawImage(null, 0, 0));
shouldThrow(() => ctx.drawImageScaled(null, 0, 0, 20, 20));
shouldThrow(() => ctx. drawImageScaledFromSource(null, 0, 0, 20, 20, 0, 0, 20, 20));
// broken images should not throw
shouldThrow(() => ctx.drawImage(invalidImage, 0, 0));
shouldThrow(() => ctx.drawImageScaled(invalidImage, 0, 0, 20, 20));
shouldThrow(() => ctx.drawImageScaledFromSource(invalidImage, 0, 0, 20, 20, 0, 0, 20, 20));
shouldThrow(() => ctx.drawImageScaled(invalidImage, 0, 0, 0, 20));
shouldThrow(() => ctx.drawImageScaledFromSource(invalidImage, 0, 0, 0, 20, 0, 0, 20, 20));
asyncEnd();
}
asyncStart();
// Create an image with invalid data.
invalidImage = new ImageElement();
invalidImage.onError.listen(draw);
invalidImage.src = '$root/drawImage-with-broken-image_t01.dart'; // test's file itself
ctx = document.createElement("canvas").getContext('2d');
}
The text was updated successfully, but these errors were encountered: