| Summary: | REGRESSION (r61619): Memory corruption in open-source ICO decoder | ||||||
|---|---|---|---|---|---|---|---|
| Product: | WebKit | Reporter: | Peter Kasting <pkasting> | ||||
| Component: | Images | Assignee: | Peter Kasting <pkasting> | ||||
| Status: | RESOLVED FIXED | ||||||
| Severity: | Normal | CC: | 465782708, abarth, carlossantoing, eric, Grace_Cooper406, mrobinson, webkit.review.bot, yunretta1221547 | ||||
| Priority: | P2 | ||||||
| Version: | 528+ (Nightly build) | ||||||
| Hardware: | Other | ||||||
| OS: | All | ||||||
| URL: | http://www.opennet.ru/opennews/art.shtml | ||||||
| Attachments: |
|
||||||
|
Description
Peter Kasting
2010-06-23 15:16:08 PDT
BMPImageReader.cpp erroneously accesses |m_parent| when setSize() fails. setSize() has already called setFailed(), which has deleted |this|, thus we shouldn't access |m_parent| (and don't need to). Created attachment 59572 [details]
patch v1
Fixes the corruption and one other technically-wrong place I noticed.
This adds a regression .ico to an existing LayoutTest, unfortunately I can't actually update expected results at the moment, so I'm going to need those from somewhere.
Comment on attachment 59572 [details]
patch v1
ok
Fixed in r61788. I'll land the updated test expectations once the bots have them. http://trac.webkit.org/changeset/61800 might have broken SnowLeopard Intel Release (Tests) Gtk is still broken from this: http://build.webkit.org/results/GTK%20Linux%2032-bit%20Debug/r61820%20(7197)/fast/images/icon-decoding-pretty-diff.html Hopefully fixed in http://trac.webkit.org/changeset/61821 The reason I didn't update GTK is because it matches Chromium rather than Safari and it wasn't clear to me that those two text dumps would be the same. (And I couldn't get a Chromium dump at the time.) I'm not lazy! I was just gone. I got two other people to help take care of this before I had to go. |