[Webkit-unassigned] [Bug 115623] Crash in Image Decoder due to large gifs

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Tue May 7 20:34:57 PDT 2013


https://bugs.webkit.org/show_bug.cgi?id=115623


Benjamin Poulain <benjamin at webkit.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
 Attachment #201016|review?, commit-queue?      |review-, commit-queue-
               Flag|                            |




--- Comment #5 from Benjamin Poulain <benjamin at webkit.org>  2013-05-07 20:33:21 PST ---
(From update of attachment 201016)
View in context: https://bugs.webkit.org/attachment.cgi?id=201016&action=review

> LayoutTests/ChangeLog:12
> +        If the decoded GIF is larger than 5M,
> +        we clear the the frame buffer except the current and after frame.
> +        However, if the current frame is the last frame of the GIF,
> +        and the first frame has been re-initialized for next time,
> +        then should not clear first frame, it should be reserved.
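
Review bot: this LayoutTests/ChangeLog entry documents the decoder change, not the test; say what the test page loads and what result it expects (no crash, and how many frames are expected to decode) so the expectation can be checked against the decoder logic. Two wording defects in the quoted lines as well: a duplicated word in "we clear the the frame buffer", and "then should not clear first frame, it should be reserved" has no subject; "then we should not clear the first frame, which is still needed" reads better.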

This does not explain the test.

Especially since it will decode either only the first frame or no frame at all.

> LayoutTests/ChangeLog:16
> +        * fast/images/resources/gif-large.gif: Added.

Do you own the rights to this?
Better create a new test image yourself.

> Source/WebCore/ChangeLog:13
> +        If the decoded GIF is larger than 5M,
> +        we clear the the frame buffer except the current and after frame.
> +        However, if the current frame is the last frame of the GIF,
> +        and the first frame has been re-initialized for next time,
> +        then should not clear first frame, it should be reserved.
> +        Test: fast/images/animated-large-image-crash.html
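
Review bot: the entry states the fix but not the failure it fixes; it should say what is accessed after the first frame buffer has been cleared while the decoder still needs it as the next frame of the loop, so a reviewer can confirm that the condition guarding the clear actually matches the crash. The same duplicated word ("the the frame buffer") and the missing subject in the last sentence appear here as in the LayoutTests entry.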

This does not explain the reason for the crash.

> Source/WebCore/platform/image-decoders/gif/GIFImageReader.h:270
> +
> +    size_t currentFrame() const
> +    {
> +        return m_currentDecodingFrame;
> +    }
> +
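
Review bot: currentFrame() turns m_currentDecodingFrame into part of the public interface of GIFImageReader with no comment saying what the index denotes (the frame being decoded or the last completed frame) or which caller needs it. If the only use is the buffer-clearing code deciding whether the current frame is the last one, a narrower query that answers that question, or keeping the index private to the reader, is preferable to exposing the raw member.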

Why do you suddenly expose this publicly?

-- 
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
