[webkit-changes] [WebKit/WebKit] cae3db: REGRESSION(277476 at main): [GTK] Crash in WebCore::G...
Michael Catanzaro
noreply at github.com
Tue May 14 00:35:06 PDT 2024
Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: cae3dbd2f345116351cbb73fd45950ce01af9168
https://github.com/WebKit/WebKit/commit/cae3dbd2f345116351cbb73fd45950ce01af9168
Author: Michael Catanzaro <mcatanzaro at redhat.com>
Date: 2024-05-14 (Tue, 14 May 2024)
Changed paths:
M Source/WebCore/platform/image-decoders/gif/GIFImageDecoder.cpp
M Source/WebCore/platform/image-decoders/gif/GIFImageReader.h
Log Message:
-----------
REGRESSION(277476 at main): [GTK] Crash in WebCore::GIFImageDecoder::haveDecodedRow
https://bugs.webkit.org/show_bug.cgi?id=274027
Reviewed by Carlos Garcia Campos.
Confusingly, the "size" of the color maps is defined in 3-byte units, so
size in bytes is actually 3x the "size" of the color map. Chris
understandably missed this when converting the code to use std::span.
Now we're reading off the end of the span. This triggers libstdc++
runtime assertions, but the assertions are disabled by default, so our
EWS bots did not notice. Distros do (or should) enable the assertions
using something like -DCMAKE_CXX_FLAGS="-Wp,-D_GLIBCXX_ASSERTIONS".
* Source/WebCore/platform/image-decoders/gif/GIFImageDecoder.cpp:
(WebCore::GIFImageDecoder::haveDecodedRow):
* Source/WebCore/platform/image-decoders/gif/GIFImageReader.h:
(GIFImageReader::globalColormap const):
(GIFImageReader::localColormap const):
Canonical link: https://commits.webkit.org/278739@main
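
The unit mismatch described in the log message above, as an added C++ example that is not WebKit's code: `ByteView` is a stand-in for `std::span` so the block builds without C++20, and every function name and the 256-entry table are constructed for illustration.

```cpp
#include <cstddef>
#include <cstdint>
#include <vector>

// Stand-in for std::span<const uint8_t>: a pointer plus a length in BYTES.
struct ByteView { const std::uint8_t* data; std::size_t size; };
struct Rgb { std::uint8_t r, g, b; };
constexpr std::size_t kBytesPerEntry = 3; // each color map entry is an R, G, B triple

// Constructed sample table: entry i holds the bytes (i, i+1, i+2) mod 256.
std::vector<std::uint8_t> makeConstructedTable(std::size_t entries) {
    std::vector<std::uint8_t> table(entries * kBytesPerEntry);
    for (std::size_t b = 0; b < table.size(); ++b)
        table[b] = static_cast<std::uint8_t>(b / kBytesPerEntry + b % kBytesPerEntry);
    return table;
}

// The mistake: the color map "size" (an entry count) is used as the byte length.
ByteView viewWithEntryCountAsBytes(const std::vector<std::uint8_t>& t, std::size_t entries) {
    return { t.data(), entries };
}

// Corrected: the byte length is 3x the entry count.
ByteView viewWithByteLength(const std::vector<std::uint8_t>& t, std::size_t entries) {
    return { t.data(), entries * kBytesPerEntry };
}

// Checked lookup: refuses any pixel index whose triple is not fully inside the view.
bool lookupColor(ByteView map, std::size_t index, Rgb& out) {
    if (index >= map.size / kBytesPerEntry)
        return false;
    const std::uint8_t* p = map.data + index * kBytesPerEntry;
    out = { p[0], p[1], p[2] };
    return true;
}

// How many of the valid pixel indexes [0, entries) the view cannot serve.
std::size_t countRejected(ByteView map, std::size_t entries) {
    std::size_t rejected = 0;
    Rgb unused{};
    for (std::size_t i = 0; i < entries; ++i)
        rejected += lookupColor(map, i, unused) ? 0 : 1;
    return rejected;
}

int main() {
    const std::vector<std::uint8_t> t = makeConstructedTable(256);
    return countRejected(viewWithByteLength(t, 256), 256) == 0 ? 0 : 1; // 0 when every index is served
}
```

With the 256-entry table, the view built from the entry count covers only 85 triples, so 171 valid pixel indexes fall past its end.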