Bug 116494

Summary: Fix crash in BitmapImage::destroyDecodedData()
Product: WebKit
Component: Images
Status: RESOLVED FIXED
Severity: Normal
Priority: P2
Version: 528+ (Nightly build)
Hardware: Unspecified
OS: Unspecified
Reporter: Ryosuke Niwa <rniwa>
Assignee: Nobody <webkit-unassigned>
CC: benjamin, commit-queue, dino
Keywords: BlinkMergeCandidate

Attachments (Description, Flags):
Patch, none
Patch, none

Description Ryosuke Niwa 2013-05-20 19:22:20 PDT
Merge https://chromium.googlesource.com/chromium/blink/+/6b6887bf53068f8537908e501fdc7317ad2c6d86

In some cases, m_currentFrame may be bigger than m_frames.size().
Should limit the upper bound of the loop to m_frames.size().
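
The bound described above, as an added example that is not WebKit's code or part of this report: a simplified model in which the loop frees decoded frames before the current one. `Frame`, `ImageModel`, `uncheckedBound`, `clampedBound` and the sample data are assumptions made for illustration; only `m_currentFrame`, `m_frames` and `destroyDecodedData` are names from the report.

```cpp
#include <algorithm>
#include <cstddef>
#include <memory>
#include <utility>
#include <vector>

// Hypothetical stand-in for one cached, decoded frame.
struct Frame {
    std::unique_ptr<int> pixels;           // stands in for a decoded bitmap
    bool clear() {                         // true if decoded data was actually freed
        bool had = static_cast<bool>(pixels);
        pixels.reset();
        return had;
    }
};

struct ImageModel {
    std::vector<Frame> m_frames;
    std::size_t m_currentFrame = 0;

    // Bound before the fix: trusts the index even when it is stale.
    std::size_t uncheckedBound() const { return m_currentFrame; }

    // Bound after the fix: never larger than the number of cached frames.
    std::size_t clampedBound() const { return std::min(m_currentFrame, m_frames.size()); }

    // Frees decoded data and returns how many frames held any.
    std::size_t destroyDecodedData() {
        std::size_t freed = 0;
        const std::size_t end = clampedBound();
        for (std::size_t i = 0; i < end; ++i)   // i < end <= m_frames.size()
            freed += m_frames[i].clear() ? 1 : 0;
        return freed;
    }
};

// Constructed scenario: three cached frames, current-frame index of 7.
ImageModel makeStaleIndexImage() {
    ImageModel img;
    for (int i = 0; i < 3; ++i) {
        Frame f;
        f.pixels.reset(new int(i));
        img.m_frames.push_back(std::move(f));
    }
    img.m_currentFrame = 7;
    return img;
}
```

With the unchecked bound the loop would index `m_frames[3]` through `m_frames[6]`, which is out of range for a three-element vector; the clamped bound stops at 3.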
Comment 1 Laszlo Vidacs 2013-11-05 05:23:49 PST
Created attachment 216031 [details]
Patch
Comment 2 Csaba Osztrogonác 2013-11-05 06:31:19 PST
Comment on attachment 216031 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=216031&action=review

> Source/WebCore/ChangeLog:3
> +
> +        

Please remove an extra newline.
Comment 3 Laszlo Vidacs 2013-11-05 09:27:56 PST
Created attachment 216046 [details]
Patch
Comment 4 Csaba Osztrogonác 2013-11-07 02:38:35 PST
Comment on attachment 216046 [details]
Patch

LGTM, r=me.
Comment 5 WebKit Commit Bot 2013-11-07 03:02:19 PST
Comment on attachment 216046 [details]
Patch

Clearing flags on attachment: 216046

Committed r158840: <http://trac.webkit.org/changeset/158840>
Comment 6 WebKit Commit Bot 2013-11-07 03:02:21 PST
All reviewed patches have been landed.  Closing bug.