Bug 240629

Summary: Safari 15.4 can crash when executing putImageData with an imageData larger than 512 KB on a window.open page.
Product: WebKit
Reporter: yao zhang <boomyao>
Component: Canvas
Assignee: Nobody <webkit-unassigned>
Status: RESOLVED CONFIGURATION CHANGED
Severity: Blocker
CC: bart.corremans, bfulgham, dino, kkinnunen, sabouhallawa, simon.fraser, webkit-bug-importer
Priority: P2
Keywords: InRadar
Version: Safari 15
Hardware: All
OS: iOS 15
Attachments:
crash demo (Flags: none)

Description yao zhang 2022-05-18 23:34:10 PDT
I simplified the way to crash on Safari 15.4.

Step 1: window.open a page;
Step 2: CanvasRenderingContext2D.putImageData(imageData, 0, 0), then CRASH!

Tip: imageData size more than 524 * 1000.
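The two steps above, written out as a self-contained reproduction page. This is an added example, not the reporter's attached "crash demo" and not WebKit code; it assumes the threshold the tip gives (524 * 1000 bytes of RGBA data, i.e. 4 bytes per pixel) and picks square dimensions just below and just above it so the two buttons can be compared. The helper names (imageDataBytes, minSquareSideOver, childPageHtml, openChild) are this example's own.

```javascript
// Added reproduction sketch for the report above (not the attached "crash demo").
// Opener page: a button that window.open()s a child page, and the child page
// builds an ImageData over the reported threshold and calls putImageData.

const THRESHOLD_BYTES = 524 * 1000; // value taken from the report's tip (assumption: RGBA bytes)

// ImageData stores 4 bytes (RGBA) per pixel, so this is the size of .data.
function imageDataBytes(width, height) {
  return width * height * 4;
}

// Smallest square side whose RGBA buffer is strictly larger than the threshold.
// For 524000 bytes that is 362 (362 * 362 * 4 = 524176); 361 stays below it.
function minSquareSideOver(thresholdBytes) {
  return Math.ceil(Math.sqrt(thresholdBytes / 4));
}

// Builds the child document (step 2): create a canvas, fill an ImageData of the
// given size with opaque red and call putImageData on it. The title records the
// byte count so a surviving window shows which size it was opened with.
function childPageHtml(width, height) {
  const bytes = imageDataBytes(width, height);
  return `<!doctype html>
<title>putImageData child (${bytes} bytes)</title>
<canvas id="c" width="${width}" height="${height}"></canvas>
<script>
  const canvas = document.getElementById('c');
  const ctx = canvas.getContext('2d');
  const img = ctx.createImageData(${width}, ${height}); // img.data.length === ${bytes}
  for (let i = 0; i < img.data.length; i += 4) {
    img.data[i] = 0xff;     // R
    img.data[i + 3] = 0xff; // A
  }
  ctx.putImageData(img, 0, 0); // the call the report says crashes Safari 15.4
  document.body.insertAdjacentText('beforeend', 'putImageData done: ' + img.data.length + ' bytes');
</script>`;
}

// Opener side (step 1): must run from a user gesture so the popup is not blocked.
function openChild(width, height) {
  const child = window.open('', '_blank');
  child.document.open();
  child.document.write(childPageHtml(width, height));
  child.document.close();
  return child;
}

// Browser-only wiring: one button just below the threshold (control) and one
// just above it ("jump to crash"). Skipped when run outside a browser.
if (typeof document !== 'undefined') {
  const above = minSquareSideOver(THRESHOLD_BYTES);
  const below = above - 1;
  for (const [label, side] of [['below threshold (control)', below], ['jump to crash', above]]) {
    const btn = document.createElement('button');
    btn.textContent = `${label}: ${side}x${side} = ${imageDataBytes(side, side)} bytes`;
    btn.onclick = () => openChild(side, side);
    document.body.appendChild(btn);
  }
}
```

Serve the file as the body of an HTML page (or load it from a `<script>` tag) and click the two buttons in turn; the control button should always leave a working child window, which separates the size-dependent crash from any general problem with popups or canvas on the test device.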
Comment 1 Alexey Proskuryakov 2022-05-19 19:15:13 PDT
Could you please provide a test case that reproduces the issue?
Comment 2 yao zhang 2022-05-21 17:55:09 PDT
Created attachment 459643 [details]
crash demo

Test crash after clicking "jump to crash".
Comment 3 Radar WebKit Bug Importer 2022-05-21 18:34:03 PDT
<rdar://problem/93713654>
Comment 4 Bart Corremans 2022-05-23 02:06:06 PDT
This seems fixed in Technology Preview (at least since 17614.1.11.6).

Related to https://bugs.webkit.org/show_bug.cgi?id=237674 ?