15142 2007-09-04 12:01:26 -0700 GIFImageDecoder can lie about frame count 2007-10-14 04:36:59 -0700 1 1 1 Unclassified WebKit Images 523.x (Safari 3) PC All RESOLVED FIXED P2 Normal --- 1 pkasting webkit-unassigned oldest_to_newest 934 0 pkasting 2007-09-04 12:01:26 -0700 WebCore/platform/image-decoders/gif/GIFImageDecoder.cpp (not used by Safari, but used by Cairo/QT) has an API safety issue in frameBufferAtIndex(): it assumes the frame count has already been decoded, so it just returns the size of the internal frame buffer. But if a caller calls this function when the decoder has received more data since its last decode (or since ever, if nothing has forced the decoder to start decoding), this value is out of date. The fix is easy: just call the existing frameCount() function which determines if the count is up to date and recalculates it if not. Patch coming shortly. 935 1 16199 pkasting 2007-09-04 12:06:49 -0700 Created attachment 16199 patch v1 Simple fix 57387 2 16199 mjs 2007-09-29 18:12:34 -0700 Comment on attachment 16199 patch v1 r=me 57999 3 eric 2007-10-07 01:38:59 -0700 Is this for feature-branch or trunk? I don't know where qt development is going on these days. 58483 4 mrowe 2007-10-14 04:36:59 -0700 Landed in r26579. 16199 2007-09-04 12:06:49 -0700 2007-09-29 18:12:34 -0700 patch v1 patch text/plain 1279 pkasting SW5kZXg6IFdlYkNvcmUvQ2hhbmdlTG9nCj09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT0KLS0tIFdlYkNvcmUvQ2hhbmdlTG9n CShyZXZpc2lvbiAyNTM1NCkKKysrIFdlYkNvcmUvQ2hhbmdlTG9nCSh3b3JraW5nIGNvcHkpCkBA IC0xLDMgKzEsMTQgQEAKKzIwMDctMDktMDQgIFBldGVyIEthc3RpbmcgIDx6ZXJvZHB4QGdtYWls LmNvbT4KKworICAgICAgICBSZXZpZXdlZCBieSBOT0JPRFkgKE9PUFMhKS4KKworICAgICAgICBo dHRwOi8vYnVncy53ZWJraXQub3JnL3Nob3dfYnVnLmNnaT9pZD0xNTE0MgorICAgICAgICBSZXR1 cm4gY29ycmVjdCBmcmFtZSBjb3VudCBpbiBHSUZJbWFnZURlY29kZXI6OmZyYW1lQnVmZmVyQXRJ bmRleCgpLAorICAgICAgICBldmVuIGlmIG1vcmUgZGF0YSBoYXMgYXJyaXZlZCBzaW5jZSB0aGUg bGFzdCBkZWNvZGluZyBwYXNzLgorCisgICAgICAgICogcGxhdGZvcm0vaW1hZ2UtZGVjb2RlcnMv Z2lmL0dJRkltYWdlRGVjb2Rlci5jcHA6CisgICAgICAgIChXZWJDb3JlOjpHSUZJbWFnZURlY29k ZXI6OmZyYW1lQnVmZmVyQXRJbmRleCk6CisKIDIwMDctMDktMDQgIERhdmlkIEhhcnJpc29uICA8 aGFycmlzb25AYXBwbGUuY29tPgogCiAgICAgICAgIFJldmlld2VkIGJ5IE1hY2llaiBhbmQgSm9o bi4KSW5kZXg6IFdlYkNvcmUvcGxhdGZvcm0vaW1hZ2UtZGVjb2RlcnMvZ2lmL0dJRkltYWdlRGVj b2Rlci5jcHAKPT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PQotLS0gV2ViQ29yZS9wbGF0Zm9ybS9pbWFnZS1kZWNvZGVycy9n aWYvR0lGSW1hZ2VEZWNvZGVyLmNwcAkocmV2aXNpb24gMjUzNTQpCisrKyBXZWJDb3JlL3BsYXRm b3JtL2ltYWdlLWRlY29kZXJzL2dpZi9HSUZJbWFnZURlY29kZXIuY3BwCSh3b3JraW5nIGNvcHkp CkBAIC0xNTgsNyArMTU4LDcgQEAgaW50IEdJRkltYWdlRGVjb2Rlcjo6cmVwZXRpdGlvbkNvdW50 KCkgYwogCiBSR0JBMzJCdWZmZXIqIEdJRkltYWdlRGVjb2Rlcjo6ZnJhbWVCdWZmZXJBdEluZGV4 KHNpemVfdCBpbmRleCkKIHsKLSAgICBpZiAoaW5kZXggPCAwIHx8IGluZGV4ID49IG1fZnJhbWVC dWZmZXJDYWNoZS5zaXplKCkpCisgICAgaWYgKGluZGV4IDwgMCB8fCBpbmRleCA+PSBmcmFtZUNv dW50KCkpCiAgICAgICAgIHJldHVybiAwOwogCiAgICAgUkdCQTMyQnVmZmVyJiBmcmFtZSA9IG1f ZnJhbWVCdWZmZXJDYWNoZVtpbmRleF07Cg==