Bug 116494 - Fix crash in BitmapImage::destroyDecodedData()
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: Images
Version: 528+ (Nightly build)
Hardware: Unspecified Unspecified
Importance: P2 Normal
Assignee: Nobody
Keywords: BlinkMergeCandidate
Reported: 2013-05-20 19:22 PDT by Ryosuke Niwa
Modified: 2013-11-07 03:02 PST

Attachments
Patch (1.83 KB, patch)
2013-11-05 05:23 PST, Laszlo Vidacs
Patch (1.83 KB, patch)
2013-11-05 09:27 PST, Laszlo Vidacs

Description Ryosuke Niwa 2013-05-20 19:22:20 PDT
Merge https://chromium.googlesource.com/chromium/blink/+/6b6887bf53068f8537908e501fdc7317ad2c6d86

In some cases, m_currentFrame may be bigger than m_frames.size().
Should limit the upper bound of the loop to m_frames.size().
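
An added C++ example, not WebKit's or Blink's code, that models the bound described above: the frame index is clamped to the container size before it is used as a loop limit. `Frame`, `FrameCache` and `freedWhenIndexPastEnd` are hypothetical names and the frame data is constructed; only `m_frames`, `m_currentFrame` and `destroyDecodedData` come from the report.

```cpp
#include <algorithm>
#include <cstddef>
#include <vector>

// Simplified stand-in for one cached frame (assumption, not WebKit's type).
struct Frame {
    bool decoded;
    std::size_t bytes;

    // Releases the decoded pixels and reports how many bytes were freed.
    std::size_t clear()
    {
        std::size_t freed = decoded ? bytes : 0;
        decoded = false;
        return freed;
    }
};

// Hypothetical model of an image's frame cache.
class FrameCache {
public:
    std::vector<Frame> m_frames;
    std::size_t m_currentFrame = 0;

    // Clears every frame (destroyAll) or only the frames before m_currentFrame.
    // m_currentFrame may be bigger than m_frames.size(), so the requested
    // bound is clamped to the container size before indexing.
    std::size_t destroyDecodedData(bool destroyAll)
    {
        std::size_t requested = destroyAll ? m_frames.size() : m_currentFrame;
        std::size_t bound = std::min(requested, m_frames.size());
        std::size_t freed = 0;
        for (std::size_t i = 0; i < bound; ++i)
            freed += m_frames[i].clear();
        return freed;
    }
};

// Constructed scenario: three cached frames while the index is already 7.
std::size_t freedWhenIndexPastEnd()
{
    FrameCache cache;
    cache.m_frames = { {true, 400}, {false, 400}, {true, 400} };
    cache.m_currentFrame = 7;
    return cache.destroyDecodedData(false);
}
```

Without the `std::min` clamp, the same scenario would index `m_frames[3]` through `m_frames[6]`, which is out of bounds for a three-element vector.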
Comment 1 Laszlo Vidacs 2013-11-05 05:23:49 PST
Created attachment 216031
Patch
Comment 2 Csaba Osztrogonác 2013-11-05 06:31:19 PST
Comment on attachment 216031
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=216031&action=review

> Source/WebCore/ChangeLog:3
> +
> +        

Please remove an extra newline.
Comment 3 Laszlo Vidacs 2013-11-05 09:27:56 PST
Created attachment 216046
Patch
Comment 4 Csaba Osztrogonác 2013-11-07 02:38:35 PST
Comment on attachment 216046
Patch

LGTM, r=me.
Comment 5 WebKit Commit Bot 2013-11-07 03:02:19 PST
Comment on attachment 216046
Patch

Clearing flags on attachment: 216046

Committed r158840: <http://trac.webkit.org/changeset/158840>
Comment 6 WebKit Commit Bot 2013-11-07 03:02:21 PST
All reviewed patches have been landed.  Closing bug.