pixels: Add limitation to max image total bytes length (#37172)

Limit the maximum image allocation size to 2GB to minimize the possibility of out of memory errors on some `ImageBitmap`, `ImageData`, `Canvas`, and `OffscreenCanvas` operations such as construction, `toBlob`, and `toDataURL`. Other browsers have similar limits: - Chromium: 2^32-1 (~4GB) - Firefox: 2^31-1 (~2GB) Testing: Improvements to the following tests: - `html/canvas/element/pixel-manipulation/2d.imageData.object.ctor.basics.html` assert_throws_dom("INDEX_SIZE_ERR", function() { new ImageData(1 << 31, 1 << 31); }); - `html/canvas/element/manual/imagebitmap/createImageBitmap-invalid-args.html` makeOversizedCanvas + makeOversizedOffscreenCanvas Signed-off-by: Andrei Volykhin <andrei.volykhin@gmail.com>
2025-08-06 06:00:15 +01:00 · 2025-05-29 13:43:27 +03:00 · 2025-05-29 13:43:27 +03:00 · 801ac9e22a
commit 801ac9e22a
parent 3bb7c71eb6
6 changed files with 93 additions and 150 deletions
--- a/components/script/dom/globalscope.rs
+++ b/components/script/dom/globalscope.rs
@ -2982,10 +2982,13 @@ impl GlobalScope {
                    return p;
                }

-                if let Some(snapshot) = canvas.get_image_data() {
-                    let image_bitmap = ImageBitmap::new(self, snapshot, can_gc);
-                    image_bitmap.set_origin_clean(canvas.origin_is_clean());
-                    p.resolve_native(&(image_bitmap), can_gc);
+                match canvas.get_image_data() {
+                    Some(snapshot) => {
+                        let image_bitmap = ImageBitmap::new(self, snapshot, can_gc);
+                        image_bitmap.set_origin_clean(canvas.origin_is_clean());
+                        p.resolve_native(&(image_bitmap), can_gc);
+                    },
+                    None => p.reject_error(Error::InvalidState, can_gc),
                }
                p
            },
@ -2996,10 +2999,13 @@ impl GlobalScope {
                    return p;
                }

-                if let Some(snapshot) = canvas.get_image_data() {
-                    let image_bitmap = ImageBitmap::new(self, snapshot, can_gc);
-                    image_bitmap.set_origin_clean(canvas.origin_is_clean());
-                    p.resolve_native(&(image_bitmap), can_gc);
+                match canvas.get_image_data() {
+                    Some(snapshot) => {
+                        let image_bitmap = ImageBitmap::new(self, snapshot, can_gc);
+                        image_bitmap.set_origin_clean(canvas.origin_is_clean());
+                        p.resolve_native(&(image_bitmap), can_gc);
+                    },
+                    None => p.reject_error(Error::InvalidState, can_gc),
                }
                p
            },