Visiting the provided URL tries to display an extremely large animated GIF. On my machine, Skia fails to allocate when it reached frame 3, but we don't notice because we don't check the return value of NativeImageSkia::copyTo(). Most other platforms presumably just crash directly when they can't allocate the memory trying to do the Vector copy, which is fine, but Skia uses an allocator that doesn't crash on failure. So this means we can corrupt memory. The fix is simple: check the relevant return code.
Created attachment 68638 [details] patch v1 The only bad thing about this patch is that the layout test waits for 15 seconds. This was because the test case took anywhere from 7 to 11 seconds to crash on my Dev channel build of Chrome. I'm not sure how to speed this up :(
Hmm... another problem is that I bet non-Skia platforms that use the open-source image decoders will crash on this testcase once it runs them out of RAM. Maybe I should make the layout test a manual test instead?
Created attachment 68954 [details] patch v2 This makes the test a manual test at dglazkov's suggestion. I also fixed a missing resource in a similar test while I was at it. I can commit that part separately, but I threw it in here so I could get two r+s for the price of one.
Comment on attachment 68954 [details] patch v2 R=me. Please make sure the images aren't svn:executable before landing.
Fixed in r68446.