RESOLVED FIXED 11760
Animated GIFs with offsets crash WebKit
https://bugs.webkit.org/show_bug.cgi?id=11760
Summary: Animated GIFs with offsets crash WebKit
Dex Deacon
Reported: 2006-12-05 11:39:13 PST
WebKit crashes when decoding an animated GIF that contains a frame with a nonzero X offset.
Attachments
proposed patch (1.40 KB, patch)
2006-12-05 11:41 PST, Dex Deacon
no flags
better patch with layout test (9.03 KB, patch)
2006-12-06 13:06 PST, Dex Deacon
mjs: review+
Dex Deacon
Comment 1 2006-12-05 11:41:51 PST
Created attachment 11742 [details]
proposed patch
David Kilzer (:ddkilzer)
Comment 2 2006-12-06 03:11:08 PST
The image at the URL above appears to work for me without crashing using a locally-built debug build of r18014. Please post a stack trace if you get a crash.
Alexey Proskuryakov
Comment 3 2006-12-06 09:06:27 PST
I think that's because WebKit uses ImageIO on Mac OS X, rather than the built-in decoders.
David Kilzer (:ddkilzer)
Comment 4 2006-12-06 11:14:03 PST
(In reply to comment #3)
> I think that's because WebKit uses ImageIO on Mac OS X, rather than the
> built-in decoders.

My bad--didn't notice this happened on Win XP.
Dex Deacon
Comment 5 2006-12-06 13:06:41 PST
Created attachment 11757 [details]
better patch with layout test

This patch fixes another buffer overflow that I missed in the first patch. This also corrects the way frames are composited in animating GIFs.
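The invariant a GIF decoder has to enforce before it composites a frame at an offset into the canvas, as an added example (not the WebKit patch from this bug, which is not reproduced on the page): parse the header and the first Image Descriptor and reject a frame whose rectangle, offset included, extends past the logical screen. The page does not describe the exact cause of the WebKit overflow; the bounds rule here is the one the GIF format itself implies and is assumed to be the relevant check. All byte samples are constructed.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* A frame rectangle from a GIF Image Descriptor, in canvas coordinates. */
typedef struct { uint16_t left, top, width, height; } gif_frame_rect;

static uint16_t le16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }

/* The invariant a decoder must hold before compositing a frame into the
   canvas: the frame rectangle, offset included, lies within the logical
   screen. 32-bit sums keep left+width from wrapping in 16 bits. */
static int gif_frame_fits(uint16_t screen_w, uint16_t screen_h, gif_frame_rect r) {
    return r.width != 0 && r.height != 0 &&
           (uint32_t)r.left + r.width <= screen_w &&
           (uint32_t)r.top + r.height <= screen_h;
}

/* Parse signature + Logical Screen Descriptor, skip the global color table
   and any extension blocks, then validate the first Image Descriptor (0x2C).
   Returns 1 (frame fits), 0 (frame out of bounds), -1 (truncated/malformed). */
int gif_check_first_frame(const uint8_t *buf, size_t len) {
    if (len < 13 || (memcmp(buf, "GIF87a", 6) && memcmp(buf, "GIF89a", 6))) return -1;
    uint16_t sw = le16(buf + 6), sh = le16(buf + 8);
    size_t pos = 13;
    if (buf[10] & 0x80) pos += 3u << ((buf[10] & 7) + 1);   /* global color table */
    while (pos < len && buf[pos] == 0x21) {                  /* extension block */
        pos += 2;                                            /* introducer + label */
        while (pos < len && buf[pos] != 0) pos += 1 + buf[pos]; /* data sub-blocks */
        pos++;                                               /* block terminator */
    }
    if (pos + 10 > len || buf[pos] != 0x2C) return -1;
    gif_frame_rect r = { le16(buf + pos + 1), le16(buf + pos + 3),
                         le16(buf + pos + 5), le16(buf + pos + 7) };
    return gif_frame_fits(sw, sh, r) ? 1 : 0;
}

/* Constructed samples (not from the bug): a 4x4 logical screen, no global
   color table. bad_gif puts a 4-wide frame at X offset 2, so it spills past
   the canvas edge; good_gif narrows the frame to 2 so the same offset fits. */
static const uint8_t bad_gif[] = {
    'G','I','F','8','9','a', 4,0, 4,0, 0x00, 0, 0,      /* header, 4x4 screen */
    0x21, 0xF9, 4, 0, 0,0, 0, 0,                        /* Graphic Control Ext. */
    0x2C, 2,0, 0,0, 4,0, 4,0, 0x00 };                   /* frame: left 2, 4x4 */
static const uint8_t good_gif[] = {
    'G','I','F','8','9','a', 4,0, 4,0, 0x00, 0, 0,
    0x2C, 2,0, 0,0, 2,0, 4,0, 0x00 };                   /* frame: left 2, 2x4 */
int check_bad(void)  { return gif_check_first_frame(bad_gif, sizeof bad_gif); }
int check_good(void) { return gif_check_first_frame(good_gif, sizeof good_gif); }
```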
Maciej Stachowiak
Comment 6 2006-12-07 15:37:21 PST
Comment on attachment 11757 [details]
better patch with layout test

r=me
Mark Rowe (bdash)
Comment 7 2006-12-18 15:42:20 PST
Landed in r18289. Dex, can you please be wary of using tabs in changelog entries? Thanks very much for the fix!