RESOLVED FIXED Bug 15142
GIFImageDecoder can lie about frame count 
https://bugs.webkit.org/show_bug.cgi?id=15142
Summary GIFImageDecoder can lie about frame count
Peter Kasting
Reported 2007-09-04 12:01:26 PDT
WebCore/platform/image-decoders/gif/GIFImageDecoder.cpp (not used by Safari, but used by Cairo/QT) has an API safety issue in frameBufferAtIndex(): it assumes the frame count has already been decoded, so it just returns the size of the internal frame buffer. But if a caller calls this function when the decoder has received more data since its last decode (or since ever, if nothing has forced the decoder to start decoding), this value is out of date. The fix is easy: just call the existing frameCount() function which determines if the count is up to date and recalculates it if not. Patch coming shortly.
Attachments
patch v1 (1.25 KB, patch)
2007-09-04 12:06 PDT, Peter Kasting 		mjs: review+
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
Peter Kasting
Comment 1 2007-09-04 12:06:49 PDT
Created attachment 16199 [details] patch v1 Simple fix
Maciej Stachowiak
Comment 2 2007-09-29 18:12:34 PDT
Comment on attachment 16199 [details] patch v1 r=me
Eric Seidel (no email)
Comment 3 2007-10-07 01:38:59 PDT
Is this for feature-branch or trunk? I don't know where qt development is going on these days.
Mark Rowe (bdash)
Comment 4 2007-10-14 04:36:59 PDT
Landed in r26579.
Note You need to log in before you can comment on or make changes to this bug.