Bug 1835989 - Calculate the canvas random noises before we allocate the ArrayData in CanvasRenderingContext2D. r=lsalzman

We calculate the canvas random noises after allocating the ArrayData
that shouldn't be GC'ed. However, GC can happen when generating the
random noises. This could have potential issue that ArrayData get GC'ed
when it shouldn't be.

This patch fixes this by moving the calculation of random noises before
allocating the Array Data.

Differential Revision: https://phabricator.services.mozilla.com/D179538

dom/canvas/CanvasRenderingContext2D.cpp

@@ -5868,6 +5868,15 @@ nsresult CanvasRenderingContext2D::GetImageDataArray(
       // service) after we call JS_GetUint8ClampedArrayData, we will
       // pre-generate the randomness required for GeneratePlaceholderCanvasData.
       randomData = TryToGenerateRandomDataForPlaceholderCanvasData();
+    } else if (needRandomizePixels) {
+      // Apply the random noises if canvan randomization is enabled. We don't
+      // need to calculate random noises if we are going to use the place
+      // holder.
+
+      const IntSize size = readback->GetSize();
+      nsRFPService::RandomizePixels(GetCookieJarSettings(), rawData.mData,
+                                    size.height * size.width * 4,
+                                    SurfaceFormat::A8R8G8B8_UINT32);
     }
 
     JS::AutoCheckCannotGC nogc;
@@ -5880,14 +5889,6 @@ nsresult CanvasRenderingContext2D::GetImageDataArray(
       break;
     }
 
-    // Apply the random noises if canvan randomization is enabled.
-    if (needRandomizePixels) {
-      const IntSize size = readback->GetSize();
-      nsRFPService::RandomizePixels(GetCookieJarSettings(), rawData.mData,
-                                    size.height * size.width * 4,
-                                    SurfaceFormat::A8R8G8B8_UINT32);
-    }
-
     uint32_t srcStride = rawData.mStride;
     uint8_t* src =
         rawData.mData + srcReadRect.y * srcStride + srcReadRect.x * 4;