Created attachment 319779 [details]
I have 106 reports from 101 unique users of this crash in WebCore::GIFImageDecoder::haveDecodedRow:
Thread no. 1 (10 frames)
#0 WebCore::ImageBackingStore::pixelValue at /usr/src/debug/webkitgtk-2.16.5/Source/WebCore/platform/graphics/ImageBackingStore.h:214
#1 WebCore::ImageBackingStore::setPixel at /usr/src/debug/webkitgtk-2.16.5/Source/WebCore/platform/graphics/ImageBackingStore.h:136
#2 WebCore::GIFImageDecoder::haveDecodedRow at /usr/src/debug/webkitgtk-2.16.5/Source/WebCore/platform/image-decoders/gif/GIFImageDecoder.cpp:227
#3 GIFLZWContext::outputRow at /usr/src/debug/webkitgtk-2.16.5/Source/WebCore/platform/image-decoders/gif/GIFImageReader.cpp:150
#4 GIFLZWContext::doLZW at /usr/src/debug/webkitgtk-2.16.5/Source/WebCore/platform/image-decoders/gif/GIFImageReader.cpp:305
#5 GIFFrameContext::decode at /usr/src/debug/webkitgtk-2.16.5/Source/WebCore/platform/image-decoders/gif/GIFImageReader.cpp:339
#6 GIFImageReader::decode at /usr/src/debug/webkitgtk-2.16.5/Source/WebCore/platform/image-decoders/gif/GIFImageReader.cpp:370
#7 WebCore::GIFImageDecoder::decode at /usr/src/debug/webkitgtk-2.16.5/Source/WebCore/platform/image-decoders/gif/GIFImageDecoder.cpp:335
#8 WebCore::GIFImageDecoder::frameBufferAtIndex at /usr/src/debug/webkitgtk-2.16.5/Source/WebCore/platform/image-decoders/gif/GIFImageDecoder.cpp:119
#9 WebCore::ImageDecoder::createFrameImageAtIndex at /usr/src/debug/webkitgtk-2.16.5/Source/WebCore/platform/image-decoders/ImageDecoder.cpp:216
Better backtrace attached.
We had a crash like this months ago related to the decoder being detroyed while decoding, but it was fixed. In which version is this happening?
Still happening in 2.16.6. Either it's not fixed, or the fix was not merged to 2.16.
(In reply to Michael Catanzaro from comment #2)
> Still happening in 2.16.6. Either it's not fixed, or the fix was not merged
> to 2.16.
Seems that 2.16 got branched at r212635, and the fixes for these crashes were both r213448 and r213833, that weren't added later. So this should be fixed on 2.18 already.
OK, thanks Miguel. I'll add them to the 2.16.x wiki page just in case there's another 2.16 release (hopefully not since next week is the 2.18.0 release!).