Bug 80754

Summary: [CRASH]gif imagebuffer crash in cairo platform
Product: WebKit Reporter: ssseintr <ssseintr2>
Component: ImagesAssignee: Nobody <webkit-unassigned>
Status: RESOLVED DUPLICATE    
Severity: Critical CC: ed, mcatanzaro
Priority: P1    
Version: 528+ (Nightly build)   
Hardware: All   
OS: All   

ssseintr
Reported 2012-03-10 02:50:42 PST
In ImageDecoderCairo.cpp: RGBA32Buffer::asNewNativeImage() call cairo_image_surface_create_for_data(). cairo_image_surface_create_for_data() do not copy the data to use,but hold the pointer to access.That will cause the crash happen. GIFImageDecoder::frameCount() will call m_frameBufferCache.resize(reader.images_count),that will cause the data of the cairo_image_surface_create_for_data() holding be invalid.
Attachments
Add attachment proposed patch, testcase, etc.
Ed Catmur
Comment 1 2014-04-09 21:08:30 PDT
Duplicate of bug 16200.
Michael Catanzaro
Comment 2 2017-03-06 10:35:00 PST
*** This bug has been marked as a duplicate of bug 111179 ***
Note You need to log in before you can comment on or make changes to this bug.