From 085435d4165956b3d5b7cb66a87f0a962e09ef58 Mon Sep 17 00:00:00 2001 From: Tj Holowaychuk Date: Wed, 17 Nov 2010 11:05:26 -0800 Subject: [PATCH] Fixed segfault when sw/sh putImageData() values are to large --- src/CanvasRenderingContext2d.cc | 10 ++++++---- test/public/tests.js | 14 +++++++++++++- 2 files changed, 19 insertions(+), 5 deletions(-) diff --git a/src/CanvasRenderingContext2d.cc b/src/CanvasRenderingContext2d.cc index 5daef19..194daef 100644 --- a/src/CanvasRenderingContext2d.cc +++ b/src/CanvasRenderingContext2d.cc @@ -393,7 +393,7 @@ Context2d::New(const Arguments &args) { * Put image data. * * - imageData, dx, dy - * - imageData, dx, dy, sx, sy, dw, dh + * - imageData, dx, dy, sx, sy, sw, sh * */ @@ -424,7 +424,6 @@ Context2d::PutImageData(const Arguments &args) { , rows , cols; - // TODO: spec boundaries switch (args.Length()) { // imageData, dx, dy case 3: @@ -432,16 +431,19 @@ Context2d::PutImageData(const Arguments &args) { rows = arr->height(); break; // imageData, dx, dy, sx, sy, dw, dh - case 7: { + case 7: sx = args[3]->NumberValue(); sy = args[4]->NumberValue(); sw = args[5]->NumberValue(); sh = args[6]->NumberValue(); + if (sx < 0) sw += sx, sx = 0; + if (sy < 0) sh += sy, sy = 0; + if (sx + sw > arr->width()) sw = arr->width() - sx; + if (sy + sh > arr->height()) sh = arr->height() - sy; cols = sw; rows = sh; dx += sx; dy += sy; - } break; default: return ThrowException(Exception::Error(String::New("invalid arguments"))); diff --git a/test/public/tests.js b/test/public/tests.js index 7913c7c..c5896a7 100644 --- a/test/public/tests.js +++ b/test/public/tests.js @@ -1554,12 +1554,24 @@ tests['putImageData() 8'] = function(ctx){ ctx.fillRect(j*25,i*25,25,25); } } - ctx.strokeRect(60,60,50,30); ctx.translate(20,20); var data = ctx.getImageData(0,0,50,50); ctx.putImageData(data,-10,-10,0,20,35,30); }; +tests['putImageData() 9'] = function(ctx){ + for (i=0;i<6;i++){ + for (j=0;j<6;j++){ + ctx.fillStyle = 'rgb(' + Math.floor(255-42.5*i) + ',' + + Math.floor(255-42.5*j) + ',0)'; + ctx.fillRect(j*25,i*25,25,25); + } + } + ctx.translate(20,20); + var data = ctx.getImageData(0,0,50,50); + ctx.putImageData(data,-10,-10,0,20,500,500); +}; + tests['putImageData() alpha'] = function(ctx){ ctx.fillStyle = 'rgba(255,0,0,0.5)' ctx.fillRect(0,0,50,100);