Bug 187582

Summary: Image is unexpectedly decoded
Product: WebKit Reporter: Yoshiaki Jitsukawa <yoshiaki.jitsukawa>
Component: ImagesAssignee: Nobody <webkit-unassigned>
Status: RESOLVED DUPLICATE    
Severity: Normal CC: cgarcia, clopez, fujii.hironori, magomez, sabouhallawa, simon.fraser
Priority: P2    
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   
See Also: https://bugs.webkit.org/show_bug.cgi?id=170432

Yoshiaki Jitsukawa
Reported 2018-07-12 00:03:34 PDT
JavaScript code like var img = new Image(); img.src = "foo.jpg"; unexpectedly gets the image decoded to a bitmap. I've confirmed that JPEGImageDecoder::decode() was called with onlySize == false, using the GTK port. The callstack is like as follows (Just a WebCore::Image::isNull() call caused decoding): WebCore::JPEGImageDecoder::decode(bool onlySize, bool allDataReceived) WebCore::JPEGImageDecoder::frameBufferAtIndex(size_t index) WebCore::ScalableImageDecoder::frameIsCompleteAtIndex(size_t index) WebCore::ImageSource::cacheMetadataAtIndex(size_t index, enum class WebCore::SubsamplingLevel subsamplingLevel, enum class WebCore::DecodingStatus decodingStatus) WebCore::ImageSource::frameAtIndexCacheIfNeeded(size_t index, enum class WebCore::ImageFrame::Caching caching, const std::optional<WebCore::SubsamplingLevel>& subsamplingLevel) WebCore::ImageSource::frameMetadataAtIndexCacheIfNeeded WebCore::ImageSource::size() WebCore::BitmapImage::size() WebCore::Image::isNull()
Attachments
Add attachment proposed patch, testcase, etc.
Yoshiaki Jitsukawa
Comment 1 2018-07-12 00:12:54 PDT
I thought the "return m_decoder->size();" code would be taken: IntSize ImageSource::size() { #if !USE(CG) // It's possible that we have decoded the metadata, but not frame contents yet. In that case ImageDecoder claims to // have the size available, but the frame cache is empty. Return the decoder size without caching in such case. if (m_frames.isEmpty() && isDecoderAvailable()) return m_decoder->size(); #endif return frameMetadataAtIndexCacheIfNeeded<IntSize>(0, (&ImageFrame::size), &m_size, ImageFrame::Caching::Metadata, SubsamplingLevel::Default); } but actually m_frames was not empty because dataChanged() added a frame by growFrames() when EncodedDataStatus got to SizeAvailable EncodedDataStatus ImageSource::dataChanged(SharedBuffer* data, bool allDataReceived) { setData(data, allDataReceived); clearMetadata(); EncodedDataStatus status = encodedDataStatus(); if (status >= EncodedDataStatus::SizeAvailable) growFrames(); return status; }
Fujii Hironori
Comment 2 2018-11-16 05:35:05 PST
*** This bug has been marked as a duplicate of bug 191354 ***
Note You need to log in before you can comment on or make changes to this bug.