Bug 22885

Summary: Memory corruption in GIFImageDecoder.cpp
Product: WebKit
Reporter: Peter Kasting <pkasting>
Component: Images
Assignee: Peter Kasting <pkasting>
Status: RESOLVED FIXED
Severity: Normal
Priority: P2
Version: 528+ (Nightly build)
Hardware: PC
OS: All
URL: http://img.waffleimages.com/9d5247a3e6a95c2966c0c5f34b47a7837309f2af/lolchrome.gif
Attachments:
Description    Flags
patch v1       hyatt: review+

Description Peter Kasting 2008-12-16 13:37:57 PST
GIFImageDecoder.cpp (which is not used by Safari, but is used by the Cairo port, and is related to the code used by Chromium) has a memory corruption bug with GIFs which insert empty frames, like the one given above.

The fix is to ensure frames get initialized even if we never call haveDecodedRow().  Patch coming shortly.
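The bug class the report describes, modelled as an added example (not WebKit's code and not the attached patch): a decoder that only allocates a frame's pixel storage lazily inside haveDecodedRow() never allocates anything for a frame whose image block carries zero rows, yet still marks the frame complete, so a consumer that trusts the header dimensions reads past an empty buffer. All type and function names (FrameBuffer, GifFrameInfo, GifFrameDecoder, frameIsSafeToRead) are assumptions chosen for the illustration; the Fixed mode applies the remedy the report states, initializing the frame in frameComplete() whether or not a row was ever decoded.

```cpp
#include <cstddef>
#include <cstdint>
#include <vector>

// Hypothetical minimal frame model; not WebKit's ImageFrame.
struct FrameBuffer {
    std::size_t width = 0;           // dimensions known from the frame header
    std::size_t height = 0;
    bool initialized = false;        // storage allocated and cleared to transparent
    bool complete = false;           // decoder has declared the frame finished
    std::vector<uint32_t> pixels;    // width*height RGBA words once initialized
};

// Constructed description of one frame in a GIF stream. An "empty" frame is
// one whose image block carries zero rows of pixel data.
struct GifFrameInfo {
    std::size_t width;
    std::size_t height;
    std::size_t rowsInStream;
};

enum class Mode { Buggy, Fixed };

class GifFrameDecoder {
public:
    explicit GifFrameDecoder(Mode mode) : m_mode(mode) {}

    // Record the header dimensions, walk the rows the stream actually carries,
    // then finish the frame.
    const FrameBuffer& decode(const GifFrameInfo& info) {
        m_frame = FrameBuffer{};
        m_frame.width = info.width;
        m_frame.height = info.height;
        for (std::size_t row = 0; row < info.rowsInStream; ++row)
            haveDecodedRow(row);
        frameComplete();
        return m_frame;
    }

private:
    void initFrame() {
        // Transparent black; the allocation is what the empty frame never got.
        m_frame.pixels.assign(m_frame.width * m_frame.height, 0u);
        m_frame.initialized = true;
    }

    // Lazy initialization on the first row: in the Buggy variant this is the
    // only place storage is allocated, so a frame with no rows gets none.
    void haveDecodedRow(std::size_t row) {
        if (!m_frame.initialized)
            initFrame();
        if (row >= m_frame.height)
            return;                                   // not this example's concern
        for (std::size_t x = 0; x < m_frame.width; ++x)
            m_frame.pixels[row * m_frame.width + x] = 0xFF000000u; // opaque black
    }

    void frameComplete() {
        // The fix: guarantee the buffer exists before declaring the frame done,
        // regardless of whether haveDecodedRow() was ever called.
        if (m_mode == Mode::Fixed && !m_frame.initialized)
            initFrame();
        m_frame.complete = true;
    }

    Mode m_mode;
    FrameBuffer m_frame;
};

// Consumer-side invariant: a complete frame must own width*height pixels.
// Returns false exactly where a trusting consumer would read out of bounds.
bool frameIsSafeToRead(const FrameBuffer& f) {
    return f.complete && f.initialized && f.pixels.size() == f.width * f.height;
}
```

A frame with rowsInStream == 0 passes the invariant only in Fixed mode; frames that carry rows pass in both modes, which is why the defect went unnoticed until an image with empty frames was decoded.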
Comment 1 Peter Kasting 2008-12-16 13:40:32 PST
Created attachment 26066 [details]
patch v1
Comment 2 Dave Hyatt 2008-12-16 13:41:39 PST
Comment on attachment 26066 [details]
patch v1

r=me
Comment 3 Peter Kasting 2008-12-16 13:44:42 PST
Fixed in r39340.