Bug 250543

Summary: ImageData() should return a DOMException if index or size is too big
Product: WebKit
Reporter: Karl Dubost <karlcow>
Component: Canvas
Assignee: Nobody <webkit-unassigned>
Status: NEW
Severity: Normal
CC: annevk, dino, webkit-bug-importer
Priority: P2
Keywords: BrowserCompat, InRadar, WPTImpact
Version: Safari Technology Preview
Hardware: Unspecified
OS: Unspecified

Description Karl Dubost 2023-01-12 21:24:19 PST
new ImageData(1 << 31, 1 << 31);

returns in Safari TP160

rangeerror: Cannot allocate a buffer of this size

while it returns 

Firefox: Uncaught DOMException: Index or size is negative or greater than the allowed amount
Chrome:  Uncaught DOMException: Failed to construct 'ImageData': The requested image size exceeds the supported range.


See https://searchfox.org/wubkat/rev/12fc92585a259a29b2522e7e902492be45a57b6a/Source/WebCore/html/ImageData.cpp#87-123


This is expected to pass 
http://wpt.live/html/canvas/element/pixel-manipulation/2d.imageData.object.ctor.basics.html
https://wpt.fyi/results/html/canvas/element/pixel-manipulation/2d.imageData.object.ctor.basics.html
Comment 1 Radar WebKit Bug Importer 2023-01-19 21:25:17 PST
<rdar://problem/104461776>
Comment 2 Anne van Kesteren 2023-08-26 08:16:53 PDT
I think this is a bug in Chromium and Gecko. https://html.spec.whatwg.org/#initialize-an-imagedata-object quite clearly states to reuse the RangeError exception for OOM.

I guess 1 << 31 somehow ends up being treated as a positive integer due to IDL? That's the one thing I'm not totally clear on.
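
The integer conversion that comment 2 asks about, as an added example (not part of the bug report and not WebKit's code): in JavaScript `1 << 31` is the signed value -2147483648, and the WebIDL `unsigned long` conversion reduces it modulo 2^32 to 2147483648, so the constructor sees a large positive size rather than a negative one. The helper names and the `LIMIT` value are hypothetical, and the zero-dimension `IndexSizeError` branch comes from the HTML constructor steps rather than from this page.

```javascript
// Added illustration. Helper names and the maxBytes limit are hypothetical.

// WebIDL `unsigned long` conversion without [EnforceRange] or [Clamp]:
// truncate toward zero, then reduce modulo 2^32 (the same result as ToUint32).
function toWebIDLUnsignedLong(value) {
  const n = Number(value);
  if (!Number.isFinite(n)) return 0;          // NaN and +/-Infinity become 0
  const r = Math.trunc(n) % 2 ** 32;
  return r < 0 ? r + 2 ** 32 : (r || 0);      // `|| 0` normalizes -0 to +0
}

// Bytes for the RGBA backing store (4 bytes per pixel). BigInt keeps the
// product exact where a double or a 32/64-bit integer would round or wrap.
function requiredBytes(sw, sh) {
  return BigInt(toWebIDLUnsignedLong(sw)) * BigInt(toWebIDLUnsignedLong(sh)) * 4n;
}

// Outcome the HTML steps give: zero dimension -> IndexSizeError DOMException;
// buffer that cannot be allocated -> the RangeError is rethrown.
function expectedOutcome(sw, sh, maxBytes) {
  const w = toWebIDLUnsignedLong(sw);
  const h = toWebIDLUnsignedLong(sh);
  if (w === 0 || h === 0) return "DOMException:IndexSizeError";
  return requiredBytes(sw, sh) > maxBytes ? "RangeError" : "ok";
}

// Classify what an engine actually throws, for cross-browser comparison.
function classifyThrow(fn) {
  try {
    fn();
    return "ok";
  } catch (e) {
    if (typeof DOMException !== "undefined" && e instanceof DOMException) {
      return `DOMException:${e.name}`;
    }
    return e instanceof RangeError ? "RangeError" : String(e && e.name);
  }
}

const LIMIT = 2n ** 32n; // constructed allocation limit, not WebKit's real one
console.log(1 << 31, toWebIDLUnsignedLong(1 << 31), requiredBytes(1 << 31, 1 << 31));
console.log(expectedOutcome(1 << 31, 1 << 31, LIMIT));
if (typeof ImageData !== "undefined") {       // only present in browsers
  console.log(classifyThrow(() => new ImageData(1 << 31, 1 << 31)));
}
```

A test helper that must pass in every engine can compare the result of `classifyThrow` against both `"RangeError"` and the `DOMException` names quoted in the description.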