Uplift of #6320 (squashed) to beta

browser/farbling/brave_offscreencanvas_farbling_browsertest.cc

@@ -0,0 +1,135 @@
+/* Copyright (c) 2020 The Brave Authors. All rights reserved.
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this file,
+ * You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "base/path_service.h"
+#include "base/strings/stringprintf.h"
+#include "base/task/post_task.h"
+#include "base/test/thread_test_helper.h"
+#include "brave/browser/brave_browser_process_impl.h"
+#include "brave/browser/brave_content_browser_client.h"
+#include "brave/browser/extensions/brave_base_local_data_files_browsertest.h"
+#include "brave/common/brave_paths.h"
+#include "brave/common/pref_names.h"
+#include "brave/components/brave_shields/browser/brave_shields_util.h"
+#include "chrome/browser/content_settings/host_content_settings_map_factory.h"
+#include "chrome/browser/extensions/extension_browsertest.h"
+#include "chrome/browser/ui/browser.h"
+#include "chrome/common/chrome_content_client.h"
+#include "chrome/test/base/in_process_browser_test.h"
+#include "chrome/test/base/ui_test_utils.h"
+#include "components/permissions/permission_request.h"
+#include "components/prefs/pref_service.h"
+#include "content/public/browser/render_frame_host.h"
+#include "content/public/test/browser_test.h"
+#include "content/public/test/browser_test_utils.h"
+#include "net/dns/mock_host_resolver.h"
+
+using brave_shields::ControlType;
+
+const char kEmbeddedTestServerDirectory[] = "canvas";
+const char kTitleScript[] = "domAutomationController.send(document.title);";
+
+class BraveOffscreenCanvasFarblingBrowserTest : public InProcessBrowserTest {
+ public:
+  void SetUpOnMainThread() override {
+    InProcessBrowserTest::SetUpOnMainThread();
+
+    content_client_.reset(new ChromeContentClient);
+    content::SetContentClient(content_client_.get());
+    browser_content_client_.reset(new BraveContentBrowserClient());
+    content::SetBrowserClientForTesting(browser_content_client_.get());
+
+    host_resolver()->AddRule("*", "127.0.0.1");
+    content::SetupCrossSiteRedirector(embedded_test_server());
+
+    brave::RegisterPathProvider();
+    base::FilePath test_data_dir;
+    base::PathService::Get(brave::DIR_TEST_DATA, &test_data_dir);
+    test_data_dir = test_data_dir.AppendASCII(kEmbeddedTestServerDirectory);
+    embedded_test_server()->ServeFilesFromDirectory(test_data_dir);
+
+    ASSERT_TRUE(embedded_test_server()->Start());
+
+    top_level_page_url_ = embedded_test_server()->GetURL("a.com", "/");
+    offscreen_farbling_url_ =
+        embedded_test_server()->GetURL("a.com", "/offscreen-farbling.html");
+  }
+
+  void TearDown() override {
+    browser_content_client_.reset();
+    content_client_.reset();
+  }
+
+  const GURL& offscreen_farbling_url() { return offscreen_farbling_url_; }
+
+  HostContentSettingsMap* content_settings() {
+    return HostContentSettingsMapFactory::GetForProfile(browser()->profile());
+  }
+
+  void AllowFingerprinting() {
+    brave_shields::SetFingerprintingControlType(
+        content_settings(), ControlType::ALLOW, top_level_page_url_);
+  }
+
+  void BlockFingerprinting() {
+    brave_shields::SetFingerprintingControlType(
+        content_settings(), ControlType::BLOCK, top_level_page_url_);
+  }
+
+  void SetFingerprintingDefault() {
+    brave_shields::SetFingerprintingControlType(
+        content_settings(), ControlType::DEFAULT, top_level_page_url_);
+  }
+
+  template <typename T>
+  std::string ExecScriptGetStr(const std::string& script, T* frame) {
+    std::string value;
+    EXPECT_TRUE(ExecuteScriptAndExtractString(frame, script, &value));
+    return value;
+  }
+
+  content::WebContents* contents() {
+    return browser()->tab_strip_model()->GetActiveWebContents();
+  }
+
+  bool NavigateToURLUntilLoadStop(const GURL& url) {
+    ui_test_utils::NavigateToURL(browser(), url);
+    return WaitForLoadStop(contents());
+  }
+
+ private:
+  GURL top_level_page_url_;
+  GURL offscreen_farbling_url_;
+  std::unique_ptr<ChromeContentClient> content_client_;
+  std::unique_ptr<BraveContentBrowserClient> browser_content_client_;
+};
+
+IN_PROC_BROWSER_TEST_F(BraveOffscreenCanvasFarblingBrowserTest,
+                       MustNotTimeout) {
+  AllowFingerprinting();
+  NavigateToURLUntilLoadStop(offscreen_farbling_url());
+  // NavigateToURLUntilLoadStop() will return before our Worker has a chance to
+  // run its code to completion, so we block here until document.title changes.
+  // This will happen relatively quickly if things are going well inside the
+  // Worker. If the browser crashes while executing the Worker code (which is
+  // what this test is really testing), then this will never unblock and the
+  // entire browser test will eventually time out. Timing out indicates a fatal
+  // error.
+  while (ExecScriptGetStr(kTitleScript, contents()) == "") {
+  }
+  EXPECT_EQ(ExecScriptGetStr(kTitleScript, contents()), "pass");
+
+  BlockFingerprinting();
+  NavigateToURLUntilLoadStop(offscreen_farbling_url());
+  while (ExecScriptGetStr(kTitleScript, contents()) == "") {
+  }
+  EXPECT_EQ(ExecScriptGetStr(kTitleScript, contents()), "pass");
+
+  SetFingerprintingDefault();
+  NavigateToURLUntilLoadStop(offscreen_farbling_url());
+  while (ExecScriptGetStr(kTitleScript, contents()) == "") {
+  }
+  EXPECT_EQ(ExecScriptGetStr(kTitleScript, contents()), "pass");
+}

chromium_src/third_party/blink/renderer/core/html/canvas/canvas_async_blob_creator.cc

@@ -5,11 +5,12 @@
 
 #include "third_party/blink/renderer/core/frame/local_dom_window.h"
 
-#define BRAVE_CANVAS_ASYNC_BLOB_CREATOR                               \
-  Document* document = To<LocalDOMWindow>(context)->document();       \
-  if (document) {                                                     \
-    image_ = brave::BraveSessionCache::From(*document).PerturbPixels( \
-        document->GetFrame(), image_);                                \
+#define BRAVE_CANVAS_ASYNC_BLOB_CREATOR                                 \
+  if (LocalDOMWindow* window = DynamicTo<LocalDOMWindow>(context)) {    \
+    if (Document* document = window->document()) {                      \
+      image_ = brave::BraveSessionCache::From(*document).PerturbPixels( \
+          document->GetFrame(), image_);                                \
+    }                                                                   \
   }
 
 #include "../../../../../../../../third_party/blink/renderer/core/html/canvas/canvas_async_blob_creator.cc"

test/BUILD.gn

@@ -531,6 +531,7 @@ test("brave_browser_tests") {
     "//brave/browser/extensions/brave_extension_provider_browsertest.cc",
     "//brave/browser/extensions/brave_theme_event_router_browsertest.cc",
     "//brave/browser/farbling/brave_navigator_plugins_farbling_browsertest.cc",
+    "//brave/browser/farbling/brave_offscreencanvas_farbling_browsertest.cc",
     "//brave/browser/farbling/brave_webaudio_farbling_browsertest.cc",
     "//brave/browser/farbling/brave_webgl_farbling_browsertest.cc",
     "//brave/browser/net/brave_network_delegate_browsertest.cc",

test/data/canvas/offscreen-farbling.html

@@ -0,0 +1,31 @@
+<!DOCTYPE html>
+<!-- OffscreenCanvas crash test -->
+<html>
+  <head>
+    <title></title>
+    <meta charset="utf-8">
+</head>
+<body>
+  <script>
+    var worker = function() {
+        var adder = (a, x) => a + x;
+        var canvas = new OffscreenCanvas(16, 16);
+        var ctx = canvas.getContext('2d');
+        var data = ctx.createImageData(canvas.width, canvas.height);
+        ctx.putImageData(data, 0, 0);
+        canvas.convertToBlob().then(function(blob) {
+            postMessage("pass");
+        });
+    }
+
+    var workerBlob = new Blob(['(' + worker.toString() + ')()'], {
+        type: "text/javascript"
+    });
+
+    worker = new Worker(window.URL.createObjectURL(workerBlob));
+    worker.onmessage = function (e) {
+        document.title = e.data;
+    };
+  </script>
+</body>
+</html>