<CANVAS> fuzzer by lcamtuf@coredump.cx

Deallocate canvas after every cycle (NULL ptr in Safari, likely exploitable in Opera)
Keep context (if combined with above, NULL ptr Firefox, likely exploitable in Opera)
Use large canvas scaling (likely exploitable in Opera, bogs down Firefox)
Return undefined values (NULL ptr Safari, may hang Opera)
Return large integers (exploitable crash in Safari, OOM/DoS elsewhere)
Skip time-consuming operations (quicker, but may miss issues)