Bug 116494

Summary: Fix crash in BitmapImage::destroyDecodedData()
Product: WebKit Reporter: Ryosuke Niwa <rniwa>
Component: ImagesAssignee: Nobody <webkit-unassigned>
Status: RESOLVED FIXED    
Severity: Normal CC: benjamin, commit-queue, dino
Priority: P2 Keywords: BlinkMergeCandidate
Version: 528+ (Nightly build)   
Hardware: Unspecified   
OS: Unspecified   
Attachments:
Description Flags
Patch
none
Patch none

Ryosuke Niwa
Reported 2013-05-20 19:22:20 PDT
Merge https://chromium.googlesource.com/chromium/blink/+/6b6887bf53068f8537908e501fdc7317ad2c6d86 In some cases, m_currentFrame may be bigger than m_frames.size(). Should limit the upper bound of the loop to m_frames.size().
Attachments
Patch (1.83 KB, patch)
2013-11-05 05:23 PST, Laszlo Vidacs 		no flags
DetailsFormatted DiffDiff
Patch (1.83 KB, patch)
2013-11-05 09:27 PST, Laszlo Vidacs 		no flags
DetailsFormatted DiffDiff
Show Obsolete (1) View All Add attachment proposed patch, testcase, etc.
Laszlo Vidacs
Comment 1 2013-11-05 05:23:49 PST
Created attachment 216031 [details] Patch
Csaba Osztrogonác
Comment 2 2013-11-05 06:31:19 PST
Comment on attachment 216031 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=216031&action=review > Source/WebCore/ChangeLog:3 > + > + Please remove an extra newline.
Laszlo Vidacs
Comment 3 2013-11-05 09:27:56 PST
Created attachment 216046 [details] Patch
Csaba Osztrogonác
Comment 4 2013-11-07 02:38:35 PST
Comment on attachment 216046 [details] Patch LGTM, r=me.
WebKit Commit Bot
Comment 5 2013-11-07 03:02:19 PST
Comment on attachment 216046 [details] Patch Clearing flags on attachment: 216046 Committed r158840: <http://trac.webkit.org/changeset/158840>
WebKit Commit Bot
Comment 6 2013-11-07 03:02:21 PST
All reviewed patches have been landed. Closing bug.
Note You need to log in before you can comment on or make changes to this bug.