Bug 1541113 - Avoid crashing content process with giant drawtarget. r=mstange

Differential Revision: https://phabricator.services.mozilla.com/D25931 --HG-- extra : moz-landing-system : lando
2019-04-05 16:26:59 +00:00 · 2019-04-05 16:26:59 +00:00 · 4d9ac753d2
--- a/gfx/tests/crashtests/1541113.html
+++ b/gfx/tests/crashtests/1541113.html
@ -0,0 +1,7 @@
+<html><head>
+<meta http-equiv="content-type" content="text/html; charset=windows-1252"></head><body><svg>
+<filter id="a">
+<feTile></feTile>
+</filter>
+<polyline filter="url(#a)" points="2,0 4,2 1,32767"></polyline>
+</svg></body></html>
--- a/gfx/tests/crashtests/crashtests.list
+++ b/gfx/tests/crashtests/crashtests.list
@ -184,3 +184,4 @@ load 1509123.html
 load 1494062-blob-image-wraplist-clip.html
 load texture-allocator-zero-region.html
 load 1524418.html
+load 1541113.html
--- a/layout/svg/nsFilterInstance.cpp
+++ b/layout/svg/nsFilterInstance.cpp
@ -700,9 +700,13 @@ void nsFilterInstance::BuildSourceImage(DrawTarget* aDest,
    return;
  }

-  RefPtr<DrawTarget> offscreenDT = aDest->CreateSimilarDrawTargetForFilter(
-      neededRect.Size(), SurfaceFormat::B8G8R8A8, aFilter, aSource, aSourceRect,
+  RefPtr<DrawTarget> offscreenDT;
+  SurfaceFormat format = SurfaceFormat::B8G8R8A8;
+  if (aDest->CanCreateSimilarDrawTarget(neededRect.Size(), format)) {
+    offscreenDT = aDest->CreateSimilarDrawTargetForFilter(
+      neededRect.Size(), format, aFilter, aSource, aSourceRect,
      Point(0, 0));
+  }
  if (!offscreenDT || !offscreenDT->IsValid()) {
    return;
  }