[Webkit-unassigned] [Bug 67469] New: IconDatabase::defaultIcon always fails because loadDefaultIconRecord returns a TIFF
bugzilla-daemon at webkit.org
Fri Sep 2 01:20:34 PDT 2011
https://bugs.webkit.org/show_bug.cgi?id=67469
Summary: IconDatabase::defaultIcon always fails because loadDefaultIconRecord returns a TIFF
Product: WebKit
Version: 528+ (Nightly build)
Platform: All
OS/Version: All
Status: UNCONFIRMED
Severity: Normal
Priority: P2
Component: WebCore Misc.
AssignedTo: webkit-unassigned at lists.webkit.org
ReportedBy: david.delaune at hotmail.com
CC: bfulgham at webkit.org
Hi,
I encountered an access violation inside WebKit.dll while implementing favicons. In a nutshell... The loadDefaultIconRecord returns a big-endian TIFF in a static buffer. The ImageDecoder::create is checking the first 14 bytes of the image in order to return the correct ImageDecoder class. The problem is that ImageDecoder::create never even checks for a TIFF header and returns a NULL ImageDecoder* which causes ImageSource::setData to fail.
The end-result is an access violation at this line in WebIconDatabase.cpp when attempting to get the default icon.
> if (!iconDatabase().defaultIcon(*size)->getHBITMAPOfSize(result, size)) {
This call stack shows all of the functions involved:
WebKit.dll!WebCore::ImageDecoder::create(const WebCore::SharedBuffer & data={...}, WebCore::ImageSource::AlphaOption alphaOption=AlphaPremultiplied, WebCore::ImageSource::GammaAndColorProfileOption gammaAndColorProfileOption=GammaAndColorProfileApplied) Line 105 C++
WebKit.dll!WebCore::ImageSource::setData(WebCore::SharedBuffer * data=0x7ef30258, bool allDataReceived=true) Line 82 + 0xe bytes C++
WebKit.dll!WebCore::BitmapImage::dataChanged(bool allDataReceived=true) Line 213 C++
WebKit.dll!WebCore::Image::setData(WTF::PassRefPtr<WebCore::SharedBuffer> data={...}, bool allDataReceived=true) Line 77 + 0xe bytes C++
WebKit.dll!WebCore::IconRecord::setImageData(WTF::PassRefPtr<WebCore::SharedBuffer> data={...}) Line 72 + 0x19 bytes C++
WebKit.dll!WebCore::loadDefaultIconRecord(WebCore::IconRecord * defaultIconRecord=0x7eedbc00) Line 375 C++
WebKit.dll!WebCore::IconDatabase::defaultIcon(const WebCore::IntSize & size={...}) Line 386 + 0x9 bytes C++
WebKit.dll!WebIconDatabase::getOrCreateDefaultIconBitmap(tagSIZE * size=0x90050d8c) Line 313 + 0x1b bytes C++
WebKit.dll!WebIconDatabase::defaultIconWithSize(tagSIZE * size=0x0018f6b4, unsigned int * result=0x0018f6c4) Line 194 + 0xc bytes C++
WebKit.dll!WebIconDatabase::iconForURL(wchar_t * url=0x7ee99000, tagSIZE * size=0x0018f6b4, int __formal=1, unsigned int * bitmap=0x0018f6c4) Line 187 + 0x13 bytes C++
[...]
Note: The above call stack is before the access violation has occurred. The access violation will occur in WebIconDatabase::getOrCreateDefaultIconBitmap due to the NULL Image* pointer. Ports such as Qt and GTK might not experience this bug because CAN_THEME_URL_ICON is defined, which causes the default icon to be loaded from a resource.
Best Wishes,
-David Delaune
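The failure the report describes has two parts: a decoder factory that sniffs leading bytes but has no case for TIFF, and a caller that dereferences the factory's NULL result. The following is an added example, not WebKit's own code, that models both in plain C++: a magic-byte sniffer that recognises both TIFF byte orders alongside the usual web image formats, a factory that returns null for formats it has no decoder for, and a caller that checks the result instead of dereferencing it. The names (ImageKind, sniffImageKind, createDecoder, describeDefaultIcon, kConstructedBigEndianTiff) and the 8-byte sample header are assumptions made for this example; the sample is not the icon WebKit ships.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstring>
#include <iostream>
#include <memory>
#include <string>
#include <vector>

// Hypothetical image kinds (the real WebKit factory returns an ImageDecoder subclass).
enum class ImageKind { Unknown, Png, Gif, Jpeg, Bmp, Ico, TiffLittleEndian, TiffBigEndian };

// Compare a fixed magic number against the head of the buffer without reading
// past the bytes actually present.
static bool startsWith(const std::vector<uint8_t>& data, const char* magic, size_t len) {
    return data.size() >= len && std::memcmp(data.data(), magic, len) == 0;
}

// Sniff the container format from the leading bytes, including both TIFF byte orders.
ImageKind sniffImageKind(const std::vector<uint8_t>& data) {
    if (startsWith(data, "\x89PNG\r\n\x1a\n", 8)) return ImageKind::Png;
    if (startsWith(data, "GIF87a", 6) || startsWith(data, "GIF89a", 6)) return ImageKind::Gif;
    if (startsWith(data, "\xFF\xD8\xFF", 3)) return ImageKind::Jpeg;
    if (startsWith(data, "BM", 2)) return ImageKind::Bmp;
    if (startsWith(data, "\x00\x00\x01\x00", 4)) return ImageKind::Ico;
    // TIFF: byte-order mark "II" (little-endian) or "MM" (big-endian), then the value 42.
    if (startsWith(data, "II\x2A\x00", 4)) return ImageKind::TiffLittleEndian;
    if (startsWith(data, "MM\x00\x2A", 4)) return ImageKind::TiffBigEndian;
    return ImageKind::Unknown;
}

const char* kindName(ImageKind kind) {
    switch (kind) {
    case ImageKind::Png: return "png";
    case ImageKind::Gif: return "gif";
    case ImageKind::Jpeg: return "jpeg";
    case ImageKind::Bmp: return "bmp";
    case ImageKind::Ico: return "ico";
    case ImageKind::TiffLittleEndian: return "tiff-le";
    case ImageKind::TiffBigEndian: return "tiff-be";
    case ImageKind::Unknown: return "unknown";
    }
    return "unknown";
}

// Stand-in for a decoder factory that only knows the formats it has decoders for.
// Like the factory in the report, it returns null for everything else.
struct Decoder {
    ImageKind kind;
};

std::unique_ptr<Decoder> createDecoder(const std::vector<uint8_t>& data, bool tiffSupported) {
    ImageKind kind = sniffImageKind(data);
    bool isTiff = kind == ImageKind::TiffLittleEndian || kind == ImageKind::TiffBigEndian;
    if (kind == ImageKind::Unknown || (isTiff && !tiffSupported))
        return nullptr;
    return std::unique_ptr<Decoder>(new Decoder{kind});
}

// The caller checks the factory result and reports the failure instead of
// dereferencing a null pointer, which is the branch that crashed in the report.
std::string describeDefaultIcon(const std::vector<uint8_t>& data, bool tiffSupported) {
    std::unique_ptr<Decoder> decoder = createDecoder(data, tiffSupported);
    if (!decoder)
        return "unsupported";
    return kindName(decoder->kind);
}

// Constructed sample: an 8-byte big-endian TIFF header ("MM", 42, IFD offset 8).
// Just enough bytes to exercise the sniffer; not a real icon.
const std::vector<uint8_t> kConstructedBigEndianTiff = {
    'M', 'M', 0x00, 0x2A, 0x00, 0x00, 0x00, 0x08
};

int main() {
    std::cout << "sniffed: " << kindName(sniffImageKind(kConstructedBigEndianTiff)) << '\n';
    std::cout << "without TIFF decoder: " << describeDefaultIcon(kConstructedBigEndianTiff, false) << '\n';
    std::cout << "with TIFF decoder:    " << describeDefaultIcon(kConstructedBigEndianTiff, true) << '\n';
    return 0;
}
```

Run stand-alone, the program shows the same buffer being recognised as big-endian TIFF, then refused when no TIFF decoder is registered and accepted when one is. The point for a reviewer is the `if (!decoder)` branch: whatever the factory's format coverage, the code that consumes a default icon must treat a null decoder as a reported failure rather than an impossible state.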