[Webkit-unassigned] [Bug 111179] [Cairo] Surface pointer passed to asNewNativeImage() might be freed.

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Mon Jun 16 01:19:30 PDT 2014


https://bugs.webkit.org/show_bug.cgi?id=111179


cand <cand at gmx.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |cand at gmx.com




--- Comment #25 from cand <cand at gmx.com>  2014-06-16 01:19:50 PST ---
(In reply to comment #20)
> Created an attachment (id=229059)
>  --> (https://bugs.webkit.org/attachment.cgi?id=229059&action=review) [details]
> imageframe-use-refcounted-array.patch
> 
> Alternative 2: use a RefCountedArray instead of Vector to hold the image data

I'm using this patch, and google.com still randomly crashes. Doesn't really help that they change the gif each day.

Segfault in ImageFrame::copyBitmapData on the memcpy line. Only happens standalone and in gdb; I could not get it to happen in valgrind.

It's called from the resize line in GIFImageDecoder, but the backtrace is not really useful beyond that.

-- 
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
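The symptom cand reports (a memcpy in copyBitmapData faulting, reached from a resize in GIFImageDecoder) is the shape of a dangling-pointer-after-reallocation bug: a consumer keeps a raw pointer into a growable buffer, the buffer is resized past its capacity and moves, and the old pointer now addresses freed memory. The example below is added here for illustration; it is not WebKit code, not the patch from comment #20, and not a diagnosis of bug 111179. It contrasts a frame that owns a std::vector and hands a borrowed pointer to the native image with a frame whose pixel buffer is shared-owned, which is the idea behind holding image data in a refcounted array. All names (VectorFrame, SharedFrame, RawNativeImage, SharedNativeImage, asNativeImage) are hypothetical stand-ins, and std::shared_ptr is used in place of WebKit's RefCountedArray.

```cpp
// Added example (not WebKit code). Shows why a raw pointer into a
// std::vector dangles after the vector grows, and how shared ownership
// of the pixel buffer keeps a published image valid across a resize.
#include <cstddef>
#include <cstdint>
#include <cstring>
#include <memory>
#include <vector>

using Pixel = std::uint32_t;

// Variant 1: frame owns a vector; the native image borrows a raw pointer
// into it (the way a surface created "for data" keeps one).
struct VectorFrame {
    std::vector<Pixel> pixels;
    explicit VectorFrame(std::size_t n) : pixels(n, 0xFF00FF00u) {}
    void grow(std::size_t n) { pixels.resize(n); }
};

struct RawNativeImage {
    const Pixel* data;   // borrowed, not owned
    std::size_t count;
};

inline RawNativeImage asNativeImage(const VectorFrame& f) {
    return RawNativeImage{f.pixels.data(), f.pixels.size()};
}

// True if the borrowed pointer still addresses the live buffer after the
// frame grows beyond its capacity. Addresses are compared as integers
// captured before the grow, so the stale pointer is never used.
inline bool rawPointerSurvivesGrow() {
    VectorFrame frame(64);
    RawNativeImage img = asNativeImage(frame);
    const auto borrowed = reinterpret_cast<std::uintptr_t>(img.data);
    // size > capacity forces the vector to allocate new storage and free
    // the old block; a memcpy through img.data after this is a UAF read.
    frame.grow(frame.pixels.capacity() * 2 + 1);
    const auto live = reinterpret_cast<std::uintptr_t>(frame.pixels.data());
    return borrowed == live;
}

// Variant 2: pixel storage is a shared buffer. A resize installs a fresh
// buffer instead of moving the old one, so any native image still holding
// a reference keeps the old buffer alive and readable.
using PixelBuffer = std::vector<Pixel>;

struct SharedFrame {
    std::shared_ptr<PixelBuffer> pixels;
    explicit SharedFrame(std::size_t n)
        : pixels(std::make_shared<PixelBuffer>(n, 0xFF00FF00u)) {}
    void grow(std::size_t n) {
        auto fresh = std::make_shared<PixelBuffer>(n, 0u);
        std::memcpy(fresh->data(), pixels->data(),
                    pixels->size() * sizeof(Pixel));
        pixels = std::move(fresh);   // old buffer freed only when unreferenced
    }
};

struct SharedNativeImage {
    std::shared_ptr<const PixelBuffer> buffer;   // owning reference
    const Pixel* data() const { return buffer->data(); }
};

inline SharedNativeImage asNativeImage(const SharedFrame& f) {
    return SharedNativeImage{f.pixels};
}

// After the frame grows, the image still reads its original pixels and is
// now the sole owner of the buffer it captured.
inline bool sharedImageStillValidAfterGrow() {
    SharedFrame frame(64);
    SharedNativeImage img = asNativeImage(frame);
    const auto before = reinterpret_cast<std::uintptr_t>(img.data());
    frame.grow(4096);
    const auto after = reinterpret_cast<std::uintptr_t>(img.data());
    return before == after
        && img.buffer.use_count() == 1
        && img.data()[0] == 0xFF00FF00u
        && frame.pixels->size() == 4096;
}

int main() {
    return (!rawPointerSurvivesGrow() && sharedImageStillValidAfterGrow()) ? 0 : 1;
}
```

The first variant is the failure mode: nothing in the frame knows the native image borrowed its storage, so a later resize silently invalidates the pointer and the fault surfaces wherever the pointer is next read, which matches a crash that shows up on a memcpy far from the resize that caused it. The second variant makes the lifetime explicit: whoever copied the reference keeps the buffer alive, and the frame's grow never touches storage it has already published.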