In PNGImageDecoder.cpp, PNGImageDecoder::rowAvailable attempts to resize the buffer to the size of the image. The issue is that if there's not enough memory, bytes.resize() will fail and the buffer will not be valid. This will later cause an access violation when attempting to access memory which has not been allocated. Suggested fix after bytes.resize: if( !bytes.data() ) { bytes.resize(0); return; }
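The failure mode in the report is a resize that silently fails under memory pressure, leaving a null buffer that a later row write dereferences. The following is an added example (not WebKit's code and not the reporter's patch) showing the defensive pattern in a self-contained form: a row buffer whose resize reports failure, and a rowAvailable-style function that checks the buffer before writing and bails out cleanly. RowBuffer, Image, simulateDecode and the allocation cap used to simulate out-of-memory are all hypothetical names constructed for this example.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstring>
#include <new>
#include <vector>

// Constructed stand-in for a decoder's row buffer. resize() reports failure by
// returning false, and on failure the buffer is left empty so data() is null,
// which is the state the bug report describes after a failed allocation.
// `maxBytes` is a hypothetical cap used to simulate out-of-memory in a test
// without actually exhausting the machine.
class RowBuffer {
public:
    explicit RowBuffer(size_t maxBytes) : m_maxBytes(maxBytes) {}

    bool resize(size_t n) {
        if (n > m_maxBytes) {               // simulated allocation failure
            release();
            return false;
        }
        try {
            m_bytes.resize(n);
        } catch (const std::bad_alloc&) {   // real allocation failure
            release();
            return false;
        }
        return true;
    }

    uint8_t* data() { return m_bytes.empty() ? nullptr : m_bytes.data(); }
    size_t size() const { return m_bytes.size(); }

private:
    void release() { m_bytes.clear(); m_bytes.shrink_to_fit(); }
    std::vector<uint8_t> m_bytes;
    size_t m_maxBytes;
};

// Hypothetical decoder state: image geometry plus the destination buffer.
struct Image {
    size_t width;
    size_t height;
    size_t bytesPerPixel;
    RowBuffer bytes;
    bool failed = false;
};

// Hardened rowAvailable analogue. Allocates the full-image buffer on first use,
// and refuses to write if the allocation failed or the row is out of bounds.
// Returns true only when the row was actually copied into the buffer.
bool rowAvailable(Image& img, const uint8_t* row, size_t rowLen, size_t rowIndex) {
    const size_t rowBytes = img.width * img.bytesPerPixel;
    // Guard the size computation against overflow before trusting it.
    if (img.width != 0 && rowBytes / img.width != img.bytesPerPixel) { img.failed = true; return false; }
    const size_t needed = rowBytes * img.height;
    if (rowBytes != 0 && needed / rowBytes != img.height) { img.failed = true; return false; }

    if (img.bytes.size() != needed) {
        // This is the check the report asks for: a failed resize must not be
        // followed by a write through a null pointer.
        if (!img.bytes.resize(needed) || !img.bytes.data()) {
            img.bytes.resize(0);            // leave the buffer in a known-empty state
            img.failed = true;
            return false;
        }
    }
    if (img.failed || rowIndex >= img.height || rowLen != rowBytes)
        return false;

    std::memcpy(img.bytes.data() + rowIndex * rowBytes, row, rowLen);
    return true;
}

// Drives a decode of `height` constructed rows under an allocation cap and
// returns how many rows were successfully stored. With a cap below the image
// size no row is written and the buffer stays null instead of being dereferenced.
size_t simulateDecode(size_t width, size_t height, size_t bytesPerPixel, size_t allocCap) {
    Image img{width, height, bytesPerPixel, RowBuffer(allocCap)};
    std::vector<uint8_t> row(width * bytesPerPixel, 0xAB);  // constructed pixel data
    size_t stored = 0;
    for (size_t y = 0; y < height; ++y) {
        if (rowAvailable(img, row.data(), row.size(), y))
            ++stored;
    }
    return stored;
}
```

With a cap large enough for the image every row lands in the buffer; with a cap smaller than width * height * bytesPerPixel the first rowAvailable call fails the resize, marks the image as failed, and no memcpy is attempted.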
Thanks! Would you be willing to propose this fix as described in <http://webkit.org/coding/contributing.html>?
This bug doesn't appear to be valid anymore. That code has changed completely since.
Agreed, feel free to close this bug. Or if you need me to do it, let me know!
I don't have access to close the bug. Thanks!
This code has been reworked in such a way that this bug is no longer present.