Bug 33747 - Handle broken images more correctly in the open-source image decoders
Summary: Handle broken images more correctly in the open-source image decoders
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: Images (show other bugs)
Version: 528+ (Nightly build)
Hardware: PC All
: P2 Normal
Assignee: Peter Kasting
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2010-01-15 16:14 PST by Peter Kasting
Modified: 2010-01-26 18:26 PST (History)
4 users (show)

See Also:


Attachments
patch v1 (3.37 KB, patch)
2010-01-15 16:20 PST, Peter Kasting
levin: review-
Details | Formatted Diff | Diff
patch v2 (3.91 KB, patch)
2010-01-26 16:21 PST, Peter Kasting
levin: review+
Details | Formatted Diff | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Peter Kasting 2010-01-15 16:14:32 PST
Bug 32176 fixed a problem where, if an image decoder failed to allocate a buffer for the decoded data, we could later attempt to access the (nonexistent) buffer.  It did this by preventing the access.

The problem with this solution is that the original bug was created when I did the wrong thing while refactoring image decoding code, and in solving my bug, the patch on bug 32176 prevented the display of images which had been partially decoded before failing.

I was wrong to make ImageDecoder::size() ASSERT(!m_failed), since, like all other ImageDecoder functions, the state of the decoder is consistent even when decoding has failed, and it's perfectly valid to ask for the size.  I was also wrong to make RGBA32Buffer::setSize() set the frame status to FrameComplete on allocation failure, because the frame isn't complete, it's unallocated, and thus the existing FrameEmpty state is actually correct.

Fixing these two issues causes bug 32176 to disappear on its own, because ImageSource is already smart enough not to return pointers to frames with status FrameEmpty.  And removing the isSizeAvailable() check added in that bug allows us to (correctly) return non-NULL pointers for cases where the frame is _not_ empty but decoding has failed, thus at least displaying a partial image in some cases.  (If the error occurs after all the pixel data has appeared, then to the user things appear to be completely successful.)

Note that if we were to continue down the path of bug 32176, we'd also need to begin worrying about the other kinds of queries that can be made to an ImageSource when decoding has failed, that might have tripped the ASSERT() in ImageDecoder::size().  Safing these would be annoying, and it's totally unnecessary.

Patch coming momentarily.
Comment 1 Peter Kasting 2010-01-15 16:20:18 PST
Created attachment 46716 [details]
patch v1
Comment 2 Shinichiro Hamaji 2010-01-17 20:06:38 PST
It seems the title of this bug wasn't good.
Comment 3 Peter Kasting 2010-01-17 21:38:59 PST
Why did you remove Adam and Eric, when they were the people on bug 32176?
Comment 4 Shinichiro Hamaji 2010-01-17 21:56:38 PST
(In reply to comment #3)
> Why did you remove Adam and Eric, when they were the people on bug 32176?

I think you put their email addresses in the subject of this bug. But sorry, I must put them into the CC list when I changed the subject.
Comment 5 Adam Langley 2010-01-18 06:03:50 PST
LGTM. (Note, I am not a WebKit reviewer. You also need a real review.)
Comment 6 Eric Seidel (no email) 2010-01-18 23:34:07 PST
Comment on attachment 46716 [details]
patch v1

What does this do, and why?  How do we test it?
Comment 7 Peter Kasting 2010-01-19 10:47:47 PST
(In reply to comment #6)
> (From update of attachment 46716 [details])
> What does this do, and why?

Comment 0 explained this in detail, was part of it unclear?

> How do we test it?

There is already a test in the tree (added as part of bug 32176) that we can handle invalid images without crashing.  I could perhaps add a pixel test for an invalid but mostly-decodable BMP (with different expected results for Safari and Chromium) although it would be easier to make a small tweak to my pre-existing Chromium-side image decoder tests to check the buffer output in cases where the image partially decoded.  That's about a one-line change.
Comment 8 Eric Seidel (no email) 2010-01-25 18:36:17 PST
Comment on attachment 46716 [details]
patch v1

I really don't know who should review this simple patch.  I'm confused, even with your explanation in comment 0
Comment 9 David Levin 2010-01-26 15:57:04 PST
Comment on attachment 46716 [details]
patch v1

> Index: WebCore/ChangeLog
> ===================================================================
> --- WebCore/ChangeLog	(revision 53348)
> +++ WebCore/ChangeLog	(working copy)
> @@ -1,3 +1,19 @@
> +2010-01-15  Peter Kasting  <pkasting@google.com>
> +
> +        Reviewed by NOBODY (OOPS!).
> +
> +        Handle broken images more correctly in the open-source image decoders.
> +        https://bugs.webkit.org/show_bug.cgi?id=33747
> +

There should be either be tests in this patch or a note about why there are no tests.

> +        * platform/graphics/ImageSource.cpp:
> +        (WebCore::ImageSource::createFrameAtIndex):

It is nice to add per function level comments when possible. For example, for this function you might say:

Removed a condition added to avoid calling size because it is now always ok to call size here.


> +        * platform/image-decoders/ImageDecoder.h:
> +        (WebCore::ImageDecoder::size):
> +        * platform/image-decoders/qt/RGBA32BufferQt.cpp:
> +        (WebCore::RGBA32Buffer::setSize):
> +        * platform/image-decoders/skia/ImageDecoderSkia.cpp:
> +        (WebCore::RGBA32Buffer::setSize):
> +
Comment 10 Peter Kasting 2010-01-26 16:21:48 PST
Created attachment 47459 [details]
patch v2

I don't think a patch should be r-ed because the reviewer doesn't think the ChangeLog has enough detail (why not r+ and ask me to fix?), but whatever.
Comment 11 David Levin 2010-01-26 16:29:34 PST
(In reply to comment #10)
> Created an attachment (id=47459) [details]
> patch v2
> 
> I don't think a patch should be r-ed 

It was r- for lack of a test. This is pretty typical and is expected of WebKit reviewers.
Comment 12 David Levin 2010-01-26 16:35:21 PST
(In reply to comment #11)
> (In reply to comment #10)
> > Created an attachment (id=47459) [details] [details]
> > patch v2
> > 
> > I don't think a patch should be r-ed 
> 
> It was r- for lack of a test. This is pretty typical and is expected of WebKit
> reviewers.

Oh sorry. I missed that the test issue was discussed in the comments of the bug.
Comment 13 David Levin 2010-01-26 16:44:42 PST
Comment on attachment 47459 [details]
patch v2

Very minor nit: It would be nice to wrap the comments in the ChangeLog (one of the few places where WebKit seems to try to maintain ~80 columns) and add periods.

Thanks!
Comment 14 Peter Kasting 2010-01-26 18:26:38 PST
Fixed in 53884.  Scrolling through ChangeLog I didn't see any pattern of sticking to 80 columns, but I did add periods on my comments.