You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Certain calls to getImageData can cause node to crash. It looks like it's rectangles that are completely outside of the canvas cause this, but I'm not completely sure.
I have a suspicion that this is the same issue as #1749, but hopefully I'll have some more information for you all to go on, and this is also somewhat related to the fact that this behavior isn't spec compliant (#1849).
Running the above will get us a core dump with a FATAL ERROR: v8::ArrayBuffer::New Allocation failed - process out of memory error message, however if you change that call to something like getImageData(0, -9, 10, 10), it runs fine (both seem to work without errors in browsers). This doesn't seem to be a genuine out of memory error, however. A quick trip to lldb gets us a stack trace that looks something like this:
That call to ArrayBuffer::New is ultimately the one causing the core dump (it looks to be coming from here). If we take a look at the current local variables, we get:
The one that stands out to me is that size (the same size we're passing into the ArrayBuffer constructor) is negative. A quick dive into Node's source wasn't enough to tell me if ArrayBuffer would throw that specific error if given a negative size, but it'd be my first guess.
Additionally, calling getImageData(0, -10, 10, 10) will get you a crash with a completely different error message ('FATAL ERROR: v8::ToLocalChecked Empty MaybeLocal.'), but I haven't looked into that one.
Additionally, calling getImageData(0, -10, 10, 10) will get you a crash with a completely different error message ('FATAL ERROR: v8::ToLocalChecked Empty MaybeLocal.'), but I haven't looked into that one.
I also see this when calling createImageData(x, y) if x === 0 || y === 0.
I have the error FATAL ERROR: v8::ToLocalChecked Empty MaybeLocal. when getImageData is called with negative x, y values. In my specific case, the method is called from the function genericComposeSMask when the maskOffsetX and Y are bigger than the layerOffsetX and Y. Is there a possible workaround or do we have to wait a fix ? This happens in any version of canvas and/or node
Issue
Certain calls to
getImageData
can cause node to crash. It looks like it's rectangles that are completely outside of the canvas cause this, but I'm not completely sure.I have a suspicion that this is the same issue as #1749, but hopefully I'll have some more information for you all to go on, and this is also somewhat related to the fact that this behavior isn't spec compliant (#1849).
Steps to Reproduce
Running the above will get us a core dump with a
FATAL ERROR: v8::ArrayBuffer::New Allocation failed - process out of memory
error message, however if you change that call to something likegetImageData(0, -9, 10, 10)
, it runs fine (both seem to work without errors in browsers). This doesn't seem to be a genuine out of memory error, however. A quick trip tolldb
gets us a stack trace that looks something like this:The interesting line being on frame 8:
That call to
ArrayBuffer::New
is ultimately the one causing the core dump (it looks to be coming from here). If we take a look at the current local variables, we get:The one that stands out to me is that
size
(the samesize
we're passing into theArrayBuffer
constructor) is negative. A quick dive into Node's source wasn't enough to tell me ifArrayBuffer
would throw that specific error if given a negative size, but it'd be my first guess.Additionally, calling
getImageData(0, -10, 10, 10)
will get you a crash with a completely different error message ('FATAL ERROR: v8::ToLocalChecked Empty MaybeLocal.'), but I haven't looked into that one.Your Environment
The text was updated successfully, but these errors were encountered: