WebCore/platform/image-decoders/gif/GIFImageDecoder.cpp (not used by Safari, but used by Cairo/QT) has an API safety issue in frameBufferAtIndex(): it assumes the frame count has already been decoded, so it just returns the size of the internal frame buffer. But if a caller calls this function when the decoder has received more data since its last decode (or since ever, if nothing has forced the decoder to start decoding), this value is out of date.
The fix is easy: just call the existing frameCount() function which determines if the count is up to date and recalculates it if not.
Patch coming shortly.
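The stale-count pattern described above, as an added illustration that is not WebKit's code: a constructed toy decoder whose "decoding" only counts GIF image-descriptor separators (0x2C), with the cached-size bounds check beside the frameCount()-backed one.

```cpp
#include <cstddef>
#include <cstdint>
#include <vector>

// Toy stand-in for GIFImageDecoder (constructed for illustration). Each 0x2C
// byte counts as one frame; the real decoder parses full blocks, but the
// hazard is the same: the frame cache only grows when a decode actually runs.
class ToyGifDecoder {
public:
    // New bytes from the loader invalidate the cached frame count.
    void setData(const std::vector<uint8_t>& data) { m_data = data; m_frameCountValid = false; }

    // Recomputes the count only when data arrived since the last decode.
    size_t frameCount()
    {
        if (!m_frameCountValid) {
            size_t count = 0;
            for (uint8_t byte : m_data)
                if (byte == 0x2C)
                    ++count;
            m_frameBufferCache.resize(count);
            m_frameCountValid = true;
        }
        return m_frameBufferCache.size();
    }

    // Pre-fix shape: trusts the cache size, which may be out of date.
    bool hasFrameBuggy(size_t index) { return index < m_frameBufferCache.size(); }
    // Post-fix shape: bounds-check against a refreshed frameCount().
    bool hasFrameFixed(size_t index) { return index < frameCount(); }

private:
    std::vector<uint8_t> m_data;
    std::vector<int> m_frameBufferCache; // stand-in for decoded frame buffers
    bool m_frameCountValid = false;
};

struct Outcome { bool buggyFindsFrame1; bool fixedFindsFrame1; };

// Decode once with one frame, then receive a second frame's descriptor.
Outcome staleCountDemo()
{
    ToyGifDecoder decoder;
    decoder.setData({0x2C, 0x00});             // constructed: one descriptor
    decoder.frameCount();                      // first decode caches count 1
    decoder.setData({0x2C, 0x00, 0x2C, 0x00}); // constructed: second frame arrives
    // Braced init evaluates left to right, so the buggy check runs first.
    return { decoder.hasFrameBuggy(1),   // false: cache still has one slot
             decoder.hasFrameFixed(1) }; // true: frameCount() refreshes
}
```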
Created attachment 16199
Comment on attachment 16199
Is this for feature-branch or trunk? I don't know where qt development is going on these days.
Landed in r26579.