Bug 15974

Summary: Public GIF image decoder does not handle disposal of previous frames correctly
Product: WebKit Reporter: Peter Kasting <pkasting>
Component: ImagesAssignee: Nobody <webkit-unassigned>
Status: RESOLVED FIXED    
Severity: Normal CC: alp
Priority: P2    
Version: 528+ (Nightly build)   
Hardware: PC   
OS: All   
Attachments:
Description Flags
Sample image relying on "not specified" disposal
none
Sample image (1) relying on "clear to previous"
none
Sample image (2) relying on "clear to previous"
none
patch v1
mrowe: review-
patch v2 alp: review+

Peter Kasting
Reported 2007-11-13 17:32:43 PST
GIFImageDecoder.cpp (not used by Safari, but used by the Cairo/Qt ports) does not correctly deal with disposal of previous frames in a multi-frame GIF. GIFs can specify four disposal methods for a frame: "not specified", "keep", "clear to background color", and "clear to previous". There are multiple issues: * GIFImageReader doesn't provide the disposal method to GIFImageDecoder.cpp, just a flag indicating whether or not the method was "keep". This makes it impossible to distinguish the two clear methods, and more noticeably, treats "not specified" like a clear method. Mozilla, IE, and Safari, by contrast, treat "not specified" as "keep", and at least some GIFs on the web rely on this (example to be attached after filing). * When clearing, the code in GIFImageDecoder.cpp:initFrameBuffer() reverts to the contents of frame 0, which is not the same as either of the clear methods in the spec. By contrast, Mozilla treats both clear methods like "clear to background color". I don't know what IE or Safari do or what actual images rely on. I think the right fix here is to change RGBA32Buffer's "includeInNextFrame()" method (which is only used by the GIF decoder) to instead return an actual disposal method, have GIFImageReader provide the true disposal method, and then fix initFrameBuffer() to respect this method. I don't know whether "clear to previous" should be treated like "clear to background color" (as Mozilla does) or made to follow the GIF spec. Input welcome.
Attachments
Sample image relying on "not specified" disposal (58.28 KB, image/gif)
2007-11-13 17:34 PST, Peter Kasting 		no flags
Details
Sample image (1) relying on "clear to previous" (3.88 KB, image/gif)
2007-11-13 17:45 PST, Peter Kasting 		no flags
Details
Sample image (2) relying on "clear to previous" (4.03 KB, image/gif)
2007-11-13 17:47 PST, Peter Kasting 		no flags
Details
patch v1 (21.44 KB, patch)
2007-11-16 14:18 PST, Peter Kasting 		mrowe: review-
DetailsFormatted DiffDiff
patch v2 (21.39 KB, patch)
2007-11-26 18:13 PST, Peter Kasting 		alp: review+
DetailsFormatted DiffDiff
Show Obsolete (1) View All Add attachment proposed patch, testcase, etc.
Peter Kasting
Comment 1 2007-11-13 17:34:26 PST
Created attachment 17247 [details] Sample image relying on "not specified" disposal This image never specifies a disposal method for any of its frames, and relies on that making each frame act like the disposal method was "keep".
Peter Kasting
Comment 2 2007-11-13 17:45:55 PST
Created attachment 17249 [details] Sample image (1) relying on "clear to previous" Here's an image that I think relies on "clear to previous" behavior to work right.
Peter Kasting
Comment 3 2007-11-13 17:47:23 PST
Created attachment 17250 [details] Sample image (2) relying on "clear to previous" ...and another. Firefox, IE and Safari all display both these images fine. I need to verify exactly what the clearing behavior in the files is, though.
Peter Kasting
Comment 4 2007-11-13 17:51:18 PST
I lied, I don't think Mozilla treats "clear to previous" as "clear to background color". I was misinterpreting their code. I think everybody else actually gets this right according to the spec.
Peter Kasting
Comment 5 2007-11-16 14:18:35 PST
Created attachment 17320 [details] patch v1 This patch makes all the above attached images work correctly. It also calls ensureHeight() in a more consistent way (we don't ensureHeight(m_size.height()) on some frames before decoding anything the way we did before) and calls setHasAlpha() correctly (although a bit conservatively -- we might claim to have alpha when we don't, but never the other way), which was trickier with the new initialization code.
Darin Adler
Comment 6 2007-11-16 20:18:01 PST
Comment on attachment 17320 [details] patch v1 r=me
Mark Rowe (bdash)
Comment 7 2007-11-19 04:22:48 PST
Landed in r27896.
Mark Rowe (bdash)
Comment 8 2007-11-19 05:03:08 PST
I had to roll this out as it caused a bunch of build failures in the ports using this class.
Alp Toker
Comment 9 2007-11-23 15:00:33 PST
Peter, If you need some help integrating your modified GIF API into other ports, please do ask and I'll be happy to take a look.
Peter Kasting
Comment 10 2007-11-24 22:53:05 PST
(In reply to comment #9) > If you need some help integrating your modified GIF API into other ports, > please do ask and I'll be happy to take a look. If you have the ability to build various other ports, help would be very appreciated. Feel free to post an updated patch. Otherwise, I will try to get to writing patches that cover the other ports as well in the next few days (although I don't have the ability to build them to test).
Peter Kasting
Comment 11 2007-11-26 18:13:12 PST
Created attachment 17541 [details] patch v2 This attempts to fix build bustage problems.
Alp Toker
Comment 12 2007-11-26 19:01:47 PST
Landed in r28068.
Note You need to log in before you can comment on or make changes to this bug.