22885 2008-12-16 13:37:57 -0800 Memory corruption in GIFImageDecoder.cpp 2008-12-16 13:44:42 -0800 1 1 1 Unclassified WebKit Images 528+ (Nightly build) PC All RESOLVED FIXED http://img.waffleimages.com/9d5247a3e6a95c2966c0c5f34b47a7837309f2af/lolchrome.gif P2 Normal --- 1 pkasting pkasting oldest_to_newest 102697 0 pkasting 2008-12-16 13:37:57 -0800 GIFImageDecoder.cpp (which is not used by Safari, but is used by the Cairo port, and is related to the code used by Chromium) has a memory corruption bug with GIFs which insert empty frames, like the one given above. The fix is to ensure frames get initialized even if we never call haveDecodedRow(). Patch coming shortly. 102698 1 26066 pkasting 2008-12-16 13:40:32 -0800 Created attachment 26066 patch v1 102699 2 26066 hyatt 2008-12-16 13:41:39 -0800 Comment on attachment 26066 patch v1 r=me 102700 3 pkasting 2008-12-16 13:44:42 -0800 Fixed in r39340. 26066 2008-12-16 13:40:32 -0800 2008-12-16 13:41:39 -0800 patch v1 patch text/plain 1532 pkasting SW5kZXg6IFdlYkNvcmUvQ2hhbmdlTG9nCj09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT0KLS0tIFdlYkNvcmUvQ2hhbmdlTG9n CShyZXZpc2lvbiAzOTMzOSkKKysrIFdlYkNvcmUvQ2hhbmdlTG9nCSh3b3JraW5nIGNvcHkpCkBA IC0xLDMgKzEsMTMgQEAKKzIwMDgtMTItMTYgIFBldGVyIEthc3RpbmcgIDxwa2FzdGluZ0Bnb29n bGUuY29tPgorCisgICAgICAgIFJldmlld2VkIGJ5IE5PQk9EWSAoT09QUyEpLgorCisgICAgICAg IGh0dHBzOi8vYnVncy53ZWJraXQub3JnL3Nob3dfYnVnLmNnaT9pZD0yMjg4NQorICAgICAgICBG aXggbWVtb3J5IGNvcnJ1cHRpb24gaW4gR0lGSW1hZ2VEZWNvZGVyLmNwcCB3aXRoIGNlcnRhaW4g R0lGcy4KKworICAgICAgICAqIHBsYXRmb3JtL2ltYWdlLWRlY29kZXJzL2dpZi9HSUZJbWFnZURl Y29kZXIuY3BwOgorICAgICAgICAoV2ViQ29yZTo6R0lGSW1hZ2VEZWNvZGVyOjpmcmFtZUNvbXBs ZXRlKToKKwogMjAwOC0xMi0xNiAgU3RlcGhhbmllIExld2lzICA8c2xld2lzQGFwcGxlLmNvbT4K IAogICAgICAgICBSZXZpZXdlZCBieSBHZW9mZiBHYXJlbi4KSW5kZXg6IFdlYkNvcmUvcGxhdGZv cm0vaW1hZ2UtZGVjb2RlcnMvZ2lmL0dJRkltYWdlRGVjb2Rlci5jcHAKPT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PQotLS0g V2ViQ29yZS9wbGF0Zm9ybS9pbWFnZS1kZWNvZGVycy9naWYvR0lGSW1hZ2VEZWNvZGVyLmNwcAko cmV2aXNpb24gMzkzMzgpCisrKyBXZWJDb3JlL3BsYXRmb3JtL2ltYWdlLWRlY29kZXJzL2dpZi9H SUZJbWFnZURlY29kZXIuY3BwCSh3b3JraW5nIGNvcHkpCkBAIC00MDQsNyArNDA0LDEyIEBAIHZv aWQgR0lGSW1hZ2VEZWNvZGVyOjpoYXZlRGVjb2RlZFJvdyh1bnMKIAogdm9pZCBHSUZJbWFnZURl Y29kZXI6OmZyYW1lQ29tcGxldGUodW5zaWduZWQgZnJhbWVJbmRleCwgdW5zaWduZWQgZnJhbWVE dXJhdGlvbiwgUkdCQTMyQnVmZmVyOjpGcmFtZURpc3Bvc2FsTWV0aG9kIGRpc3Bvc2FsTWV0aG9k KQogeworICAgIC8vIEluaXRpYWxpemUgdGhlIGZyYW1lIGlmIG5lY2Vzc2FyeS4gIFNvbWUgR0lG cyBpbnNlcnQgZG8tbm90aGluZyBmcmFtZXMsCisgICAgLy8gaW4gd2hpY2ggY2FzZSB3ZSBuZXZl ciByZWFjaCBoYXZlRGVjb2RlZFJvdygpIGJlZm9yZSBnZXR0aW5nIGhlcmUuCiAgICAgUkdCQTMy QnVmZmVyJiBidWZmZXIgPSBtX2ZyYW1lQnVmZmVyQ2FjaGVbZnJhbWVJbmRleF07CisgICAgaWYg KGJ1ZmZlci5zdGF0dXMoKSA9PSBSR0JBMzJCdWZmZXI6OkZyYW1lRW1wdHkpCisgICAgICAgIGlu aXRGcmFtZUJ1ZmZlcihmcmFtZUluZGV4KTsKKwogICAgIGJ1ZmZlci5lbnN1cmVIZWlnaHQobV9z aXplLmhlaWdodCgpKTsKICAgICBidWZmZXIuc2V0U3RhdHVzKFJHQkEzMkJ1ZmZlcjo6RnJhbWVD b21wbGV0ZSk7CiAgICAgYnVmZmVyLnNldER1cmF0aW9uKGZyYW1lRHVyYXRpb24pOwo=