Bug 15909

Summary: Public GIF image decoder can (still) corrupt memory on malformed GIFs
Product: WebKit
Reporter: Peter Kasting <pkasting>
Component: Images
Assignee: Nobody <webkit-unassigned>
Status: RESOLVED FIXED    
Severity: Normal    
Priority: P2    
Version: 528+ (Nightly build)   
Hardware: PC   
OS: All   

Peter Kasting
Reported 2007-11-08 15:44:26 PST
Follow-on bug to bug 15778. My original patch had an oversight; I didn't catch the case where an image had an excessively large frame with a nonzero Y-offset, which could still have caused a fault. Simple patch coming shortly.
Attachments
patch v1 (1.30 KB, patch)
2007-11-08 16:00 PST, Peter Kasting
mrowe: review+
Peter Kasting
Comment 1 2007-11-08 16:00:00 PST
Created attachment 17133: patch v1
Easy fix.
Mark Rowe (bdash)
Comment 2 2007-11-08 17:58:03 PST
Comment on attachment 17133: patch v1
r=me
Mark Rowe (bdash)
Comment 3 2007-11-09 04:54:16 PST
Landed in r27642.