Bug 1524418 - Avoid crashing content process with giant drawtarget. r=mstange

Differential Revision: https://phabricator.services.mozilla.com/D21230

--HG--
extra : moz-landing-system : lando

gfx/tests/crashtests/1524418.html

@@ -0,0 +1,11 @@
+<script>
+window.onload=function() {
+  a.setAttribute('style', 'font-size:3154')
+}
+</script>
+<style>
+* {
+  background-image:url(data:image/svg+xml;base64,PHN2ZyB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciLz4=);
+}
+</style>
+<select size='63' id='a'>

gfx/tests/crashtests/crashtests.list

@@ -183,3 +183,4 @@ load 1505934-1.html
 load 1509123.html
 load 1494062-blob-image-wraplist-clip.html
 load texture-allocator-zero-region.html
+load 1524418.html

gfx/thebes/gfxDrawable.cpp

@@ -98,6 +98,9 @@ already_AddRefed<gfxSurfaceDrawable> gfxCallbackDrawable::MakeSurfaceDrawable(
     gfxContext* aContext, const SamplingFilter aSamplingFilter) {
   SurfaceFormat format = gfxPlatform::GetPlatform()->Optimal2DFormatForContent(
       gfxContentType::COLOR_ALPHA);
+  if (!aContext->GetDrawTarget()->CanCreateSimilarDrawTarget(mSize, format)) {
+    return nullptr;
+  }
   RefPtr<DrawTarget> dt =
       aContext->GetDrawTarget()->CreateSimilarDrawTarget(mSize, format);