[Webkit-unassigned] [Bug 16200] [GTK] Crashes caused by animated GIFs

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Mon Jul 8 06:55:10 PDT 2013


--- Comment #11 from Anton Obzhirov <a.obzhirov at samsung.com>  2013-07-08 06:57:10 PST ---
Some addition from me :).

I did some investigation as well. As far as I can see, the problem is that when ImageFrame::asNewNativeImage() returns an image surface, it uses data owned by ImageFrame to back the surface. So if you have ImageFrame::clearPixelData() called before the data is actually used by cairo to draw the image, it might get into trouble.

If the diff below is applied, the crash doesn't seem to happen any more, even with Simon's command line in debug mode.

 PassNativeImagePtr ImageFrame::asNewNativeImage() const
+       cairo_surface_t* surface = cairo_image_surface_create(CAIRO_FORMAT_ARGB32, width(), height());
+       unsigned char* data = cairo_image_surface_get_data(surface);
+    memcpy(data, m_bytes, width() * height() * sizeof(PixelData));
+    cairo_surface_mark_dirty(surface);
+    return adoptRef(surface);
-    return adoptRef(cairo_image_surface_create_for_data(
-        reinterpret_cast<unsigned char*>(const_cast<PixelData*>(m_bytes)),
-        CAIRO_FORMAT_ARGB32, width(), height(), width() * sizeof(PixelData)));
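Review bot: the new `memcpy(data, m_bytes, width() * height() * sizeof(PixelData));` assumes both that `cairo_image_surface_create` succeeded and that the surface's stride is exactly `width() * sizeof(PixelData)`. On allocation failure cairo returns a surface in an error state rather than NULL, so `cairo_surface_status(surface)` should be checked before touching `data`; and the stride should come from `cairo_image_surface_get_stride(surface)`, copying row by row if it differs from the packed row size. The two added lines are also indented differently from the rest of the function. Note that this variant copies the pixel data for every frame, which is the cost of decoupling the surface's lifetime from the frame's.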

Can someone else try this diff to see if it fixes the problem in another environment? If I have identified the source of the problem correctly, the question is how to fix it properly (maybe by using some reference counting mechanism in the frame buffer).
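The alternative floated at the end of the comment, a reference-counted pixel buffer so that clearing the frame cannot free memory a surface still uses, as an added illustration that is not WebKit's code and not part of the bug report. The names `PixelBuffer`, `ImageFrame`, `NativeImage`, `frame_as_native_image` and `frame_clear_pixel_data` are hypothetical stand-ins for ImageFrame::asNewNativeImage() and ImageFrame::clearPixelData(); no cairo calls are involved, and the counter `g_buffers_freed` exists only so the scenario can be checked.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

typedef uint32_t PixelData;

/* Hypothetical reference-counted pixel buffer (not WebKit's ImageFrame). */
typedef struct {
    PixelData *bytes;
    size_t width, height;
    int refcount;
} PixelBuffer;

static int g_buffers_freed = 0; /* instrumentation only: counts buffers actually released */

PixelBuffer *pixel_buffer_create(size_t width, size_t height) {
    /* reject empty frames and width*height*sizeof(PixelData) overflow */
    if (width == 0 || height == 0 || width > SIZE_MAX / height / sizeof(PixelData))
        return NULL;
    PixelBuffer *b = calloc(1, sizeof *b);
    if (!b) return NULL;
    b->bytes = calloc(width * height, sizeof(PixelData));
    if (!b->bytes) { free(b); return NULL; }
    b->width = width;
    b->height = height;
    b->refcount = 1;
    return b;
}

PixelBuffer *pixel_buffer_ref(PixelBuffer *b) { if (b) b->refcount++; return b; }

void pixel_buffer_unref(PixelBuffer *b) {
    if (!b) return;
    if (--b->refcount == 0) { free(b->bytes); free(b); g_buffers_freed++; }
}

/* Stand-ins for the frame and for the native image (cairo surface) handed to the painter. */
typedef struct { PixelBuffer *buffer; } ImageFrame;
typedef struct { PixelBuffer *buffer; } NativeImage;

/* Counterpart of asNewNativeImage(): the image takes its own reference
 * instead of aliasing memory the frame may discard at any time. */
NativeImage *frame_as_native_image(ImageFrame *f) {
    if (!f->buffer) return NULL;
    NativeImage *img = malloc(sizeof *img);
    if (!img) return NULL;
    img->buffer = pixel_buffer_ref(f->buffer);
    return img;
}

/* Counterpart of clearPixelData(): the frame drops its reference; the pixels
 * stay alive as long as any native image still holds one. */
void frame_clear_pixel_data(ImageFrame *f) { pixel_buffer_unref(f->buffer); f->buffer = NULL; }

void native_image_destroy(NativeImage *img) {
    if (!img) return;
    pixel_buffer_unref(img->buffer);
    free(img);
}

/* The sequence from the bug: the frame is cleared before the image is drawn.
 * Returns the pixel read after clearing; *freed_after_draw reports how many
 * buffers were released when the image itself was destroyed. */
PixelData scenario_clear_before_draw(int *freed_after_draw) {
    ImageFrame frame = { pixel_buffer_create(4, 4) };
    frame.buffer->bytes[0] = 0xFF00FF00u;          /* constructed sample pixel */
    NativeImage *img = frame_as_native_image(&frame);
    frame_clear_pixel_data(&frame);                /* with aliasing this would free the pixels */
    PixelData px = img->buffer->bytes[0];          /* still valid: the image holds a reference */
    int before = g_buffers_freed;
    native_image_destroy(img);                     /* last reference goes away, buffer freed now */
    *freed_after_draw = g_buffers_freed - before;
    return px;
}
```

The ordering problem in the report is that the frame and the surface disagree about who owns the pixels; the copy in the diff resolves it by giving the surface its own pixels, while a reference count resolves it by making the last user responsible for freeing them, without a per-frame copy.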
