Comment #27 on issue 2044 by [email protected]: [CRASH]Renderer crashes when zoomed into street level on maps.yahoo.com http://code.google.com/p/chromium/issues/detail?id=2044
Here's what I've discovered so far: if the canvas size is 15Kx15K, it meets HTMLCanvasElement's "MaxCanvasArea" criterion (32Kx8K), and the allocation of the ImageBufferSkia succeeds. However, the actual malloc() is deferred until later (in ImageBufferSkia::image()), and if there's insufficient memory, the malloc() fails at draw time and blows up with an INT3, which kills the browser.

We could lower MaxCanvasArea, but there's still no guarantee that the malloc() will succeed on any given machine (and if we do a 64-bit port, it would be an artificial limit). There's no limit specified in the HTML5 spec for the width and height of the canvas tag.

In Safari, the allocation is done right away, and failure is gracefully handled (i.e., you get a white canvas, and drawing on it does nothing). I'm pretty sure that m_imageBuffer is NULL in this case.

Another possibility would be to force the ImageBuffer to do the malloc() right away, so we can check for failure the way Safari does. This might require calling _set_new_handler temporarily, to prevent the INT3.
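An added example, not code from the comment or from Chromium/WebKit, of the eager-allocation approach the comment proposes: a hypothetical ImageBuffer that checks the area limit and does its allocation at creation time, hands back no buffer on failure, and treats drawing on a missing buffer as a no-op (the Safari behaviour described above). The allocator is injected so the out-of-memory path can be exercised without exhausting memory; kMaxCanvasArea, the class and all function names are assumptions.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdlib>
#include <cstring>
#include <memory>

// Limits taken from the comment: MaxCanvasArea is 32K x 8K pixels; 4 bytes per RGBA pixel.
constexpr std::size_t kMaxCanvasArea = 32768u * 8192u;
constexpr std::size_t kBytesPerPixel = 4;

// Hypothetical image buffer (not WebKit's ImageBufferSkia) that allocates its
// backing store at creation time, so a failed allocation is reported to the
// caller instead of surfacing later inside a draw call.
class ImageBuffer {
public:
    using Allocator = void* (*)(std::size_t);
    // Returns nullptr when the canvas exceeds the area limit, the byte count
    // would overflow, or the allocator fails. The allocator is a parameter so
    // a test can simulate malloc() returning nullptr without exhausting memory.
    static std::unique_ptr<ImageBuffer> create(std::size_t width, std::size_t height,
                                               Allocator alloc = std::malloc) {
        if (width == 0 || height == 0) return nullptr;
        if (width > kMaxCanvasArea / height) return nullptr;   // area check without overflow
        std::size_t bytes = width * height;
        if (bytes > SIZE_MAX / kBytesPerPixel) return nullptr; // guards a larger limit later
        bytes *= kBytesPerPixel;
        void* mem = alloc(bytes);
        if (mem == nullptr) return nullptr;                    // out of memory: no buffer, no crash
        std::memset(mem, 0xFF, bytes);                         // start out as a white canvas
        return std::unique_ptr<ImageBuffer>(
            new ImageBuffer(static_cast<std::uint8_t*>(mem), width, height));
    }
    ~ImageBuffer() { std::free(pixels_); }
    std::size_t byteSize() const { return width_ * height_ * kBytesPerPixel; }
    std::uint8_t byteAt(std::size_t i) const { return pixels_[i]; }
    void fill(std::uint8_t value) { std::memset(pixels_, value, byteSize()); }
private:
    ImageBuffer(std::uint8_t* p, std::size_t w, std::size_t h) : pixels_(p), width_(w), height_(h) {}
    std::uint8_t* pixels_;
    std::size_t width_, height_;
};

// Drawing entry point with the Safari-style behaviour the comment describes:
// when there is no buffer, drawing does nothing and reports that it did nothing.
bool drawSolid(ImageBuffer* buffer, std::uint8_t value) {
    if (buffer == nullptr) return false;
    buffer->fill(value);
    return true;
}
```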
