Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(247)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: Source/WebCore/html/canvas/WebGLRenderingContext.cpp

Issue 7171012: Merge 88489 - 2011-06-09 Kenneth Russell <kbr@google.com> (Closed) Base URL: http://svn.webkit.org/repository/webkit/branches/chromium/782/
Patch Set: Created 9 years, 6 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « Source/WebCore/html/canvas/WebGLRenderingContext.h ('k') | no next file » | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: Source/WebCore/html/canvas/WebGLRenderingContext.cpp
===================================================================
--- Source/WebCore/html/canvas/WebGLRenderingContext.cpp (revision 88897)
+++ Source/WebCore/html/canvas/WebGLRenderingContext.cpp (working copy)
@@ -2807,14 +2807,13 @@
cleanupAfterGraphicsCall(false);
}
-void WebGLRenderingContext::readPixels(GC3Dint x, GC3Dint y, GC3Dsizei width, GC3Dsizei height, GC3Denum format, GC3Denum type, ArrayBufferView* pixels, ExceptionCode& ec)
+void WebGLRenderingContext::readPixels(GC3Dint x, GC3Dint y, GC3Dsizei width, GC3Dsizei height, GC3Denum format, GC3Denum type, ArrayBufferView* pixels, ExceptionCode&)
{
if (isContextLost())
return;
- if (!canvas()->originClean()) {
- ec = SECURITY_ERR;
- return;
- }
+ // Due to WebGL's same-origin restrictions, it is not possible to
+ // taint the origin using the WebGL API.
+ ASSERT(canvas()->originClean());
// Validate input parameters.
if (!pixels) {
m_context->synthesizeGLError(GraphicsContext3D::INVALID_VALUE);
@@ -3157,7 +3156,11 @@
return;
if (!validateHTMLImageElement(image))
return;
- checkOrigin(image);
+ if (wouldTaintOrigin(image)) {
+ ec = SECURITY_ERR;
+ return;
+ }
+
texImage2DImpl(target, level, internalformat, format, type, image->cachedImage()->image(),
m_unpackFlipY, m_unpackPremultiplyAlpha, ec);
}
@@ -3172,7 +3175,10 @@
m_context->synthesizeGLError(GraphicsContext3D::INVALID_VALUE);
return;
}
- checkOrigin(canvas);
+ if (wouldTaintOrigin(canvas)) {
+ ec = SECURITY_ERR;
+ return;
+ }
RefPtr<ImageData> imageData = canvas->getImageData();
if (imageData)
texImage2D(target, level, internalformat, format, type, imageData.get(), ec);
@@ -3182,7 +3188,7 @@
}
#if ENABLE(VIDEO)
-PassRefPtr<Image> WebGLRenderingContext::videoFrameToImage(HTMLVideoElement* video)
+PassRefPtr<Image> WebGLRenderingContext::videoFrameToImage(HTMLVideoElement* video, ExceptionCode& ec)
{
if (!video || !video->videoWidth() || !video->videoHeight()) {
m_context->synthesizeGLError(GraphicsContext3D::INVALID_VALUE);
@@ -3194,7 +3200,10 @@
m_context->synthesizeGLError(GraphicsContext3D::OUT_OF_MEMORY);
return 0;
}
- checkOrigin(video);
+ if (wouldTaintOrigin(video)) {
+ ec = SECURITY_ERR;
+ return 0;
+ }
IntRect destRect(0, 0, size.width(), size.height());
// FIXME: Turn this into a GPU-GPU texture copy instead of CPU readback.
video->paintCurrentFrameInContext(buf->context(), destRect);
@@ -3207,8 +3216,8 @@
ec = 0;
if (isContextLost())
return;
- RefPtr<Image> image = videoFrameToImage(video);
- if (!video)
+ RefPtr<Image> image = videoFrameToImage(video, ec);
+ if (!image)
return;
texImage2DImpl(target, level, internalformat, format, type, image.get(), m_unpackFlipY, m_unpackPremultiplyAlpha, ec);
}
@@ -3349,7 +3358,10 @@
return;
if (!validateHTMLImageElement(image))
return;
- checkOrigin(image);
+ if (wouldTaintOrigin(image)) {
+ ec = SECURITY_ERR;
+ return;
+ }
texSubImage2DImpl(target, level, xoffset, yoffset, format, type, image->cachedImage()->image(),
m_unpackFlipY, m_unpackPremultiplyAlpha, ec);
}
@@ -3364,7 +3376,10 @@
m_context->synthesizeGLError(GraphicsContext3D::INVALID_VALUE);
return;
}
- checkOrigin(canvas);
+ if (wouldTaintOrigin(canvas)) {
+ ec = SECURITY_ERR;
+ return;
+ }
RefPtr<ImageData> imageData = canvas->getImageData();
if (imageData)
texSubImage2D(target, level, xoffset, yoffset, format, type, imageData.get(), ec);
@@ -3380,8 +3395,8 @@
ec = 0;
if (isContextLost())
return;
- RefPtr<Image> image = videoFrameToImage(video);
- if (!video)
+ RefPtr<Image> image = videoFrameToImage(video, ec);
+ if (!image)
return;
texSubImage2DImpl(target, level, xoffset, yoffset, format, type, image.get(), m_unpackFlipY, m_unpackPremultiplyAlpha, ec);
}
« no previous file with comments | « Source/WebCore/html/canvas/WebGLRenderingContext.h ('k') | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698