skia2/modules/canvaskit/cpu.js
Bryce Thomas 1fa54044ef rm CanvasKit.HEAPU8.buffer caching (fix UAF bug).
Cached references to the WASM heap buffer are invalid following memory growth:
https://github.com/emscripten-core/emscripten/issues/6747#issuecomment-400081465.
This change replaces references to the cached CanvasKit.buffer with direct
references to CanvasKit.HEAPU8.buffer.  The symptom of this bug is a Javascript
error thrown in the Chrome console: "Uncaught TypeError: Cannot perform
Construct on a neutered ArrayBuffer", causing the operation in question to fail.

Bug: NONE
Change-Id: I27462e80db1d33e0e77ee7295b25039c9036d2e2
Reviewed-on: https://skia-review.googlesource.com/c/skia/+/264477
Reviewed-by: Kevin Lubick <kjlubick@google.com>
2020-01-15 14:48:36 +00:00

87 lines
3.2 KiB
JavaScript

// Adds compile-time JS functions to augment the CanvasKit interface.
// Specifically, anything that should only be on the CPU version of canvaskit.
(function(CanvasKit){
CanvasKit._extraInitializations = CanvasKit._extraInitializations || [];
CanvasKit._extraInitializations.push(function() {
// Takes in an html id or a canvas element
CanvasKit.MakeSWCanvasSurface = function(idOrElement) {
var canvas = idOrElement;
if (canvas.tagName !== 'CANVAS') {
canvas = document.getElementById(idOrElement);
if (!canvas) {
throw 'Canvas with id ' + idOrElement + ' was not found';
}
}
// Maybe better to use clientWidth/height. See:
// https://webglfundamentals.org/webgl/lessons/webgl-anti-patterns.html
var surface = CanvasKit.MakeSurface(canvas.width, canvas.height);
if (surface) {
surface._canvas = canvas;
}
return surface;
};
// Don't over-write the MakeCanvasSurface set by gpu.js if it exists.
if (!CanvasKit.MakeCanvasSurface) {
CanvasKit.MakeCanvasSurface = CanvasKit.MakeSWCanvasSurface;
}
CanvasKit.MakeSurface = function(width, height) {
/* @dict */
var imageInfo = {
'width': width,
'height': height,
'colorType': CanvasKit.ColorType.RGBA_8888,
// Since we are sending these pixels directly into the HTML canvas,
// (and those pixels are un-premultiplied, i.e. straight r,g,b,a)
'alphaType': CanvasKit.AlphaType.Unpremul,
}
var pixelLen = width * height * 4; // it's 8888, so 4 bytes per pixel
// Allocate the buffer of pixels to be drawn into.
var pixelPtr = CanvasKit._malloc(pixelLen);
var surface = this._getRasterDirectSurface(imageInfo, pixelPtr, width*4);
if (surface) {
surface._canvas = null;
surface._width = width;
surface._height = height;
surface._pixelLen = pixelLen;
surface._pixelPtr = pixelPtr;
// rasterDirectSurface does not initialize the pixels, so we clear them
// to transparent black.
surface.getCanvas().clear(CanvasKit.TRANSPARENT);
}
return surface;
};
CanvasKit.SkSurface.prototype.flush = function() {
this._flush();
// Do we have an HTML canvas to write the pixels to?
// We will not if this a GPU build or a raster surface, for example.
if (this._canvas) {
var pixels = new Uint8ClampedArray(CanvasKit.HEAPU8.buffer, this._pixelPtr, this._pixelLen);
var imageData = new ImageData(pixels, this._width, this._height);
this._canvas.getContext('2d').putImageData(imageData, 0, 0);
}
};
// Call dispose() instead of delete to clean up the underlying memory
CanvasKit.SkSurface.prototype.dispose = function() {
if (this._pixelPtr) {
CanvasKit._free(this._pixelPtr);
}
this.delete();
}
CanvasKit.currentContext = CanvasKit.currentContext || function() {
// no op if this is a cpu-only build.
};
CanvasKit.setCurrentContext = CanvasKit.setCurrentContext || function() {
// no op if this is a cpu-only build.
};
});
}(Module)); // When this file is loaded in, the high level object is "Module";