[Webkit-unassigned] [Bug 15142] New: GIFImageDecoder can lie about frame count

Tue Sep 4 12:01:26 PDT 2007

http://bugs.webkit.org/show_bug.cgi?id=15142

           Summary: GIFImageDecoder can lie about frame count
           Product: WebKit
           Version: 522+ (nightly)
          Platform: PC
        OS/Version: All
            Status: UNCONFIRMED
          Severity: Normal
          Priority: P2
         Component: Images
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: zerodpx at gmail.com

WebCore/platform/image-decoders/gif/GIFImageDecoder.cpp (not used by Safari,
but used by Cairo/QT) has an API safety issue in frameBufferAtIndex(): it
assumes the frame count has already been decoded, so it just returns the size
of the internal frame buffer.  But if a caller calls this function when the
decoder has received more data since its last decode (or since ever, if nothing
has forced the decoder to start decoding), this value is out of date.

The fix is easy: just call the existing frameCount() function which determines
if the count is up to date and recalculates it if not.

Patch coming shortly.

-- 
Configure bugmail: http://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.