Bug 15909

Summary: Public GIF image decoder can (still) corrupt memory on malformed GIFs
Product: WebKit Reporter: Peter Kasting <pkasting>
Component: ImagesAssignee: Nobody <webkit-unassigned>
Status: RESOLVED FIXED    
Severity: Normal    
Priority: P2    
Version: 528+ (Nightly build)   
Hardware: PC   
OS: All   
Attachments:
Description Flags
patch v1 mrowe: review+

Description Peter Kasting 2007-11-08 15:44:26 PST 
Follow-on bug to bug 15778.

My original patch had an oversight; I didn't catch the case where an image had an excessively large frame with a nonzero Y-offset, which could still have caused a fault.

Simple patch coming shortly.
Comment 1 Peter Kasting 2007-11-08 16:00:00 PST 
Created attachment 17133 [details]
patch v1

Easy fix.
Comment 2 Mark Rowe (bdash) 2007-11-08 17:58:03 PST 
Comment on attachment 17133 [details]
patch v1

r=me
Comment 3 Mark Rowe (bdash) 2007-11-09 04:54:16 PST 
Landed in r27642.