Bug 256151

Summary: REGRESSION(261130@main): Canvas putImageData draws onto wrong canvas
Product: WebKit Reporter: bitbof
Component: CanvasAssignee: Kimmo Kinnunen <kkinnunen>
Status: RESOLVED FIXED    
Severity: Major CC: dino, heycam, kkinnunen, sabouhallawa, simon.fraser, webkit-bug-importer
Priority: P2 Keywords: InRadar
Version: Safari 16   
Hardware: All   
OS: Unspecified   
See Also: https://bugs.webkit.org/show_bug.cgi?id=252987
Attachments:
Description Flags
demo of bug none

Description bitbof 2023-04-30 10:51:58 PDT 
Created attachment 466149 [details]
demo of bug

Observed on:
- MacBook Air M1: MacOS 12.4 Safari 15.5, MacOS 13.3.1 Safari 16.4
- iPad 2019: iPadOS 15.4.1, iPadOS 16.4.1
- iPhone SE 2022: iOS 16.3
(non-WebKit browsers not affected)

Steps:
- Create 2 canvases: canvas A, and canvas B.
- Draw canvas A on canvas B.
- Create ImageData with any data (here it's noise).
- putImageData onto canvas A.

Expected:
- ImageData is only drawn onto canvas A.

Actual:
- It is also drawn on canvas B.

Demo page: https://bitbof.github.io/browser-bug-demos/2023-04-30-safari-putimagedata/
Comment 1 Simon Fraser (smfr) 2023-05-01 09:46:42 PDT 
I can reproduce (only when UI-side compositing is disabled).
Comment 2 Radar WebKit Bug Importer 2023-05-01 09:46:56 PDT 
<rdar://problem/108741153>
Comment 3 Said Abou-Hallawa 2023-05-01 10:42:59 PDT 
This is a regression of 261130@main. Commenting this if-statement in RemoteImageBufferProxy::putPixelBuffer() fixes the issue.

    if (canMapBackingStore()) {
        const_cast<RemoteImageBufferProxy&>(*this).flushDrawingContext();
        ImageBuffer::putPixelBuffer(pixelBuffer, srcRect, destPoint, destFormat);
        // Simulate a write so that read caches are cleared.
        // FIXME: This should not be done via the context draw, as that induces a flush.
        context().fillRect({ });
        return;
    }
Comment 4 Kimmo Kinnunen 2023-05-02 06:21:43 PDT 
Thanks for the investigation.
I'll fix it unless Said has started..
Comment 5 Kimmo Kinnunen 2023-05-10 05:10:50 PDT 
Pull request: https://github.com/WebKit/WebKit/pull/13689
Comment 6 EWS 2023-05-11 12:05:22 PDT 
Committed 263978@main (a658f97638bf): <https://commits.webkit.org/263978@main>

Reviewed commits have been landed. Closing PR #13689 and removing active labels.