Bug 48895 - gif image buffer crash in cairo platform
Status: RESOLVED DUPLICATE of bug 111179
Alias: None
Product: WebKit
Classification: Unclassified
Component: Images
Version: 528+ (Nightly build)
Hardware: All All
Importance: P2 Critical
Assignee: Nobody
Reported: 2010-11-02 18:58 PDT by partin
Modified: 2017-03-06 10:34 PST
Description partin 2010-11-02 18:58:44 PDT
In ImageDecoderCairo.cpp:
 RGBA32Buffer::asNewNativeImage() calls cairo_image_surface_create_for_data().
 cairo_image_surface_create_for_data() does not copy the data it uses, but holds the pointer to access it. That will cause the crash to happen. GIFImageDecoder::frameCount() will call m_frameBufferCache.resize(reader.images_count), which will cause the data that cairo_image_surface_create_for_data() is holding to be invalid.
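The lifetime problem described in the report above, as an added example that is not part of the original report or of WebKit's code: a simplified C++ model in which a surface that only borrows a frame's pixel pointer goes stale when the frame cache is resized, next to a surface that owns a copy. `Frame`, `BorrowedSurface`, `OwnedSurface` and `growCacheWhileSurfaceAlive` are hypothetical names, and the copy-only `Frame` is an assumption about how the buffers are relocated.

```cpp
#include <cstdint>
#include <vector>

// Hypothetical stand-in for a decoder frame buffer. Declaring the copy
// operations suppresses the implicit moves, so relocating a Frame copies its
// pixels into new storage and frees the old storage (assumed behaviour).
struct Frame {
    std::vector<uint32_t> bytes;
    Frame() = default;
    Frame(const Frame&) = default;
    Frame& operator=(const Frame&) = default;
};

// Borrowing view: records only the address, as a surface created over
// caller-owned data does. Kept as an integer so it is never dereferenced.
struct BorrowedSurface {
    uintptr_t pixels;
    explicit BorrowedSurface(const Frame& f)
        : pixels(reinterpret_cast<uintptr_t>(f.bytes.data())) {}
    bool stillBackedBy(const Frame& f) const {
        return pixels == reinterpret_cast<uintptr_t>(f.bytes.data());
    }
};

// Owning view: takes a private copy, so cache growth cannot invalidate it.
struct OwnedSurface {
    std::vector<uint32_t> pixels;
    explicit OwnedSurface(const Frame& f) : pixels(f.bytes) {}
};

struct Result { bool borrowedValidBefore, borrowedValidAfter, ownedIntact; };

Result growCacheWhileSurfaceAlive() {
    std::vector<Frame> cache(1);
    cache[0].bytes = {0xff0000ffu, 0xff00ff00u, 0xffff0000u, 0xffffffffu}; // constructed pixels
    BorrowedSurface borrowed(cache[0]);
    OwnedSurface owned(cache[0]);
    const std::vector<uint32_t> expected = cache[0].bytes;
    const bool before = borrowed.stillBackedBy(cache[0]);
    // Analogue of resizing the frame cache once the image count is known:
    // exceeding the capacity forces every Frame to be relocated.
    cache.resize(cache.capacity() + 1);
    return {before, borrowed.stillBackedBy(cache[0]), owned.pixels == expected};
}

int main() {
    const Result r = growCacheWhileSurfaceAlive();
    return (r.borrowedValidBefore && !r.borrowedValidAfter && r.ownedIntact) ? 0 : 1;
}
```

The borrowed address is only compared, never read, so the model shows the stale pointer without triggering the undefined behaviour that a real surface access would.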
Comment 1 Ed Catmur 2014-04-09 21:07:11 PDT
Duplicate of bug 16200.
Comment 2 Michael Catanzaro 2017-03-06 10:34:48 PST

*** This bug has been marked as a duplicate of bug 111179 ***