RESOLVED FIXED 176306
Crash in WebCore::GIFImageDecoder::haveDecodedRow 
https://bugs.webkit.org/show_bug.cgi?id=176306
Summary Crash in WebCore::GIFImageDecoder::haveDecodedRow
Michael Catanzaro
Reported 2017-09-03 07:39:59 PDT
Created attachment 319779 [details] Backtrace I have 106 reports from 101 unique users of this crash in WebCore::GIFImageDecoder::haveDecodedRow: Truncated backtrace: Thread no. 1 (10 frames) #0 WebCore::ImageBackingStore::pixelValue at /usr/src/debug/webkitgtk-2.16.5/Source/WebCore/platform/graphics/ImageBackingStore.h:214 #1 WebCore::ImageBackingStore::setPixel at /usr/src/debug/webkitgtk-2.16.5/Source/WebCore/platform/graphics/ImageBackingStore.h:136 #2 WebCore::GIFImageDecoder::haveDecodedRow at /usr/src/debug/webkitgtk-2.16.5/Source/WebCore/platform/image-decoders/gif/GIFImageDecoder.cpp:227 #3 GIFLZWContext::outputRow at /usr/src/debug/webkitgtk-2.16.5/Source/WebCore/platform/image-decoders/gif/GIFImageReader.cpp:150 #4 GIFLZWContext::doLZW at /usr/src/debug/webkitgtk-2.16.5/Source/WebCore/platform/image-decoders/gif/GIFImageReader.cpp:305 #5 GIFFrameContext::decode at /usr/src/debug/webkitgtk-2.16.5/Source/WebCore/platform/image-decoders/gif/GIFImageReader.cpp:339 #6 GIFImageReader::decode at /usr/src/debug/webkitgtk-2.16.5/Source/WebCore/platform/image-decoders/gif/GIFImageReader.cpp:370 #7 WebCore::GIFImageDecoder::decode at /usr/src/debug/webkitgtk-2.16.5/Source/WebCore/platform/image-decoders/gif/GIFImageDecoder.cpp:335 #8 WebCore::GIFImageDecoder::frameBufferAtIndex at /usr/src/debug/webkitgtk-2.16.5/Source/WebCore/platform/image-decoders/gif/GIFImageDecoder.cpp:119 #9 WebCore::ImageDecoder::createFrameImageAtIndex at /usr/src/debug/webkitgtk-2.16.5/Source/WebCore/platform/image-decoders/ImageDecoder.cpp:216 Better backtrace attached.
Attachments
Backtrace (98.57 KB, text/plain)
2017-09-03 07:39 PDT, Michael Catanzaro 		no flags
Details
View All Add attachment proposed patch, testcase, etc.
Miguel Gomez
Comment 1 2017-09-06 06:03:46 PDT
We had a crash like this months ago related to the decoder being detroyed while decoding, but it was fixed. In which version is this happening?
Michael Catanzaro
Comment 2 2017-09-06 07:09:59 PDT
Still happening in 2.16.6. Either it's not fixed, or the fix was not merged to 2.16.
Miguel Gomez
Comment 3 2017-09-06 07:36:00 PDT
(In reply to Michael Catanzaro from comment #2) > Still happening in 2.16.6. Either it's not fixed, or the fix was not merged > to 2.16. Seems that 2.16 got branched at r212635, and the fixes for these crashes were both r213448 and r213833, that weren't added later. So this should be fixed on 2.18 already.
Michael Catanzaro
Comment 4 2017-09-06 07:50:46 PDT
OK, thanks Miguel. I'll add them to the 2.16.x wiki page just in case there's another 2.16 release (hopefully not since next week is the 2.18.0 release!).
Note You need to log in before you can comment on or make changes to this bug.