[Webkit-unassigned] [Bug 111179] [Cairo] Surface pointer passed to asNewNativeImage() might be freed.

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Fri Apr 11 00:12:26 PDT 2014


https://bugs.webkit.org/show_bug.cgi?id=111179

--- Comment #24 from Zoltan Herczeg <zherczeg at webkit.org>  2014-04-11 00:12:41 PST ---
You need an animated image with more than one frame to see an invalid result or crash. The default size of the image list is 1, since most images are still images, so two frames are enough. However, if the resize happens in place, or the resized area contains pointers to valid memory regions (already mapped to the process address space), you will not see the crash. In the former case, the engine seems to work correctly.

I would suggest a small (8x8) animated gif with 100+ frames (to avoid in-place resizes), and do a pixel dump (invalid output can be detected).

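The test asset the comment asks for, as an added example that is not part of the bug thread and not WebKit or Cairo code: a pure-Python GIF89a writer (with a matching reader to check its output) that produces an 8x8 animated GIF with 120 frames. Each frame is a diagonal stripe shifted by one pixel, so a pixel dump of any frame can be compared against a known pattern rather than eyeballed. The function names (`animated_gif`, `frame_pixels`, `decode_frames`, `lzw_encode`, `lzw_decode`), the four-colour palette and the frame count are assumptions made here; the GIF block layout and LZW rules follow the GIF89a format.

```python
# Added example (constructed for this page; not WebKit or Cairo code): a pure-Python
# GIF89a writer plus a matching reader, for building and checking tiny animated assets.
import struct

PALETTE = [(0, 0, 0), (255, 0, 0), (0, 255, 0), (0, 0, 255)]  # 4 entries: 2-bit indices
MIN_CODE_SIZE = 2  # GIF LZW minimum code size (2 is the floor even for 2-colour images)


def lzw_encode(pixels, min_code_size=MIN_CODE_SIZE):
    """GIF-flavoured LZW: clear/EOI codes, growing code width, LSB-first bit packing."""
    clear, eoi = 1 << min_code_size, (1 << min_code_size) + 1
    bits = pos = 0

    def emit(code, width):  # pack LSB-first into one big integer
        nonlocal bits, pos
        bits |= code << pos
        pos += width

    def fresh():  # (string table, next free code, current code width)
        return {bytes([i]): i for i in range(clear)}, eoi + 1, min_code_size + 1

    table, next_code, width = fresh()
    emit(clear, width)
    prefix = b""
    for p in bytes(pixels):
        cand = prefix + bytes([p])
        if cand in table:
            prefix = cand
            continue
        emit(table[prefix], width)
        if next_code == 4096:  # 12-bit table full: reset, as decoders expect
            emit(clear, width)
            table, next_code, width = fresh()
        else:
            if next_code == 1 << width:  # a decoder widens at exactly this point
                width += 1
            table[cand] = next_code
            next_code += 1
        prefix = bytes([p])
    if prefix:
        emit(table[prefix], width)
    emit(eoi, width)
    return bits.to_bytes((pos + 7) // 8, "little")


def lzw_decode(data, min_code_size=MIN_CODE_SIZE):
    """Inverse of lzw_encode, mirroring the width-growth rule so mismatches show up."""
    clear, eoi = 1 << min_code_size, (1 << min_code_size) + 1
    bits, pos, total = int.from_bytes(data, "little"), 0, 8 * len(data)
    table = [bytes([i]) for i in range(clear)] + [b"", b""]  # clear/EOI occupy two slots
    width, prev, out = min_code_size + 1, None, bytearray()
    while pos + width <= total:
        code, pos = (bits >> pos) & ((1 << width) - 1), pos + width
        if code == clear:
            table, width, prev = table[:eoi + 1], min_code_size + 1, None
            continue
        if code == eoi:
            break
        entry = table[code] if code < len(table) else prev + prev[:1]  # KwKwK case
        out += entry
        if prev is not None and len(table) < 4096:
            table.append(prev + entry[:1])
            if len(table) == 1 << width and width < 12:
                width += 1
        prev = entry
    return bytes(out)


def frame_pixels(index, width, height):  # diagonal stripe, shifted one pixel per frame
    return [(x + y + index) % len(PALETTE) for y in range(height) for x in range(width)]


def animated_gif(frames, width, height, delay_cs=10):
    """GIF89a: header, global palette, NETSCAPE loop block, then one image per frame."""
    gct_exp = len(PALETTE).bit_length() - 2  # 4 entries = 2^(1+1), so size field is 1
    out = bytearray(b"GIF89a") + struct.pack("<HHBBB", width, height, 0x80 | gct_exp << 4 | gct_exp, 0, 0)
    out += b"".join(bytes(rgb) for rgb in PALETTE) + b"\x21\xff\x0bNETSCAPE2.0\x03\x01\x00\x00\x00"
    for pixels in frames:
        data = lzw_encode(pixels)
        out += b"\x21\xf9\x04\x04" + struct.pack("<H", delay_cs) + b"\x00\x00"  # graphic control ext.
        out += b"\x2c" + struct.pack("<HHHHB", 0, 0, width, height, 0) + bytes([MIN_CODE_SIZE])
        out += b"".join(bytes([len(data[i:i + 255])]) + data[i:i + 255] for i in range(0, len(data), 255))
        out += b"\x00"  # sub-block terminator
    return bytes(out + b"\x3b")  # trailer


def decode_frames(gif):
    """Walk the block structure and LZW-decode each image into a list of palette indices."""
    def sub_blocks(p):  # -> (joined payload, offset just past the 0x00 terminator)
        data = bytearray()
        while gif[p]:
            data += gif[p + 1:p + 1 + gif[p]]
            p += gif[p] + 1
        return bytes(data), p + 1

    pos = 13 + (3 * (2 << (gif[10] & 7)) if gif[10] & 0x80 else 0)  # header + global palette
    frames = []
    while gif[pos] != 0x3B:  # until the trailer
        if gif[pos] == 0x21:  # extension: introducer, label, sub-blocks
            _, pos = sub_blocks(pos + 2)
        else:  # 0x2C image descriptor (10 bytes, no local palette), then LZW min code size
            min_cs, (data, pos) = gif[pos + 10], sub_blocks(pos + 11)
            frames.append(list(lzw_decode(data, min_cs)))
    return frames
```

`animated_gif([frame_pixels(i, 8, 8) for i in range(120)], 8, 8)` returns the bytes to write to a `.gif` file; running `decode_frames` over the same bytes gives the per-frame palette indices, which is what the pixel dump from the decoder under test should match frame by frame. The 12-bit table reset in both routines is never reached by 8x8 frames, but it keeps the codec correct if the same generator is reused for larger test images.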