Bug 22885 - Memory corruption in GIFImageDecoder.cpp
Summary: Memory corruption in GIFImageDecoder.cpp
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: Images (show other bugs)
Version: 528+ (Nightly build)
Hardware: PC All
: P2 Normal
Assignee: Peter Kasting
URL: http://img.waffleimages.com/9d5247a3e...
Keywords:
Depends on:
Blocks:
 
Reported: 2008-12-16 13:37 PST by Peter Kasting
Modified: 2008-12-16 13:44 PST (History)
0 users

See Also:


Attachments
patch v1 (1.50 KB, patch)
2008-12-16 13:40 PST, Peter Kasting
hyatt: review+
Details | Formatted Diff | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Peter Kasting 2008-12-16 13:37:57 PST
GIFImageDecoder.cpp (which is not used by Safari, but is used by the Cairo port, and is related to the code used by Chromium) has a memory corruption bug with GIFs which insert empty frames, like the one given above.

The fix is to ensure frames get initialized even if we never call haveDecodedRow().  Patch coming shortly.
Comment 1 Peter Kasting 2008-12-16 13:40:32 PST
Created attachment 26066 [details]
patch v1
Comment 2 Dave Hyatt 2008-12-16 13:41:39 PST
Comment on attachment 26066 [details]
patch v1

r=me
Comment 3 Peter Kasting 2008-12-16 13:44:42 PST
Fixed in r39340.