Bug 251130

Summary: OffscreenCanvas::transferToImageBitmap doesn't restrict enforce size restrictions
Product: WebKit Reporter: Matt Woodrow <mattwoodrow>
Component: Canvas Assignee: Matt Woodrow <mattwoodrow>
Status: RESOLVED FIXED    
Severity: Normal CC: dino, webkit-bug-importer
Priority: P2 Keywords: InRadar
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   

Description Matt Woodrow 2023-01-24 20:27:58 PST
We share code with HTMLCanvasElement via CanvasBase for allocating the backing store, with max size restrictions.

transferToImageBitmap can sometimes allocate a new buffer (if there isn't one already), and it currently isn't using the same code, so doesn't have the same restrictions.
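The pattern the description points at, as an added sketch that is not WebKit's code and is not taken from the pull request: every path that can create a backing store, including a transfer that runs before anything was drawn, goes through one size-checked allocator. The names `allocateBackingStore`, `Canvas`, `transferBuffer` and the cap `kMaxArea` are hypothetical.

```cpp
#include <cstdint>
#include <memory>
#include <utility>
#include <vector>

// Constructed cap for this sketch, not a value taken from WebKit.
constexpr uint64_t kMaxArea = 1024ull * 1024ull;

struct Buffer {
    uint32_t width, height;
    std::vector<uint8_t> pixels; // RGBA, 4 bytes per pixel
};

// Single choke point: every path that needs a backing store calls this.
// Returns nullptr for empty or over-limit sizes instead of allocating.
std::unique_ptr<Buffer> allocateBackingStore(uint32_t w, uint32_t h) {
    if (!w || !h)
        return nullptr;
    uint64_t area = uint64_t(w) * uint64_t(h); // 32x32 bits fits in 64
    if (area > kMaxArea)
        return nullptr;
    return std::make_unique<Buffer>(Buffer{w, h, std::vector<uint8_t>(area * 4)});
}

class Canvas {
public:
    Canvas(uint32_t w, uint32_t h) : m_width(w), m_height(h) {}
    // Drawing path: lazy allocation through the shared helper.
    Buffer* buffer() {
        if (!m_buffer)
            m_buffer = allocateBackingStore(m_width, m_height);
        return m_buffer.get();
    }

    // Transfer path: may run before anything was drawn, so it can be the
    // first allocation. It reuses buffer() rather than allocating directly.
    std::unique_ptr<Buffer> transferBuffer() {
        buffer();
        return std::move(m_buffer);
    }
private:
    uint32_t m_width, m_height;
    std::unique_ptr<Buffer> m_buffer;
};

int main() {
    // Oversized canvas with no prior draw: the transfer must fail cleanly.
    return Canvas(65535, 65535).transferBuffer() ? 1 : 0;
}
```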
Comment 1 Matt Woodrow 2023-01-24 20:28:18 PST
<rdar://104298886>
Comment 2 Matt Woodrow 2023-01-24 20:30:34 PST
Pull request: https://github.com/WebKit/WebKit/pull/9088
Comment 3 EWS 2023-02-08 14:16:04 PST
Committed 260035@main (e4c57c810933): <https://commits.webkit.org/260035@main>

Reviewed commits have been landed. Closing PR #9088 and removing active labels.