[Webkit-unassigned] [Bug 111179] [Cairo] Surface pointer passed to asNewNativeImage() might be freed.
bugzilla-daemon at webkit.org
Mon Jun 16 08:45:52 PDT 2014
https://bugs.webkit.org/show_bug.cgi?id=111179
--- Comment #30 from Martin Robinson <mrobinson at webkit.org> 2014-06-16 08:46:13 PST ---
(From update of attachment 233153)
View in context: https://bugs.webkit.org/attachment.cgi?id=233153&action=review
> Source/WebCore/platform/image-decoders/cairo/ImageDecoderCairo.cpp:39
> + cairo_surface_t* surface = cairo_image_surface_create(CAIRO_FORMAT_ARGB32, width(), height());
> + unsigned char* data = cairo_image_surface_get_data(surface);
> + memcpy(data, m_bytes, width() * height() * sizeof(PixelData));
> + cairo_surface_mark_dirty(surface);
> + return adoptRef(surface);
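Review bot: the memcpy at ImageDecoderCairo.cpp:39 assumes the destination rows are packed at width() * sizeof(PixelData) bytes each, but a cairo image surface lays out its rows at the stride reported by cairo_image_surface_get_stride(surface), which may be larger than that; when it is, every row after the first lands at the wrong offset and the image is skewed. Copy one row at a time, advancing the source by width() * sizeof(PixelData) and the destination by the stride, e.g. `int stride = cairo_image_surface_get_stride(surface);` and `memcpy(data + y * stride, m_bytes + y * width(), width() * sizeof(PixelData));` inside a loop over y. The hunk also writes to the buffer without first checking `cairo_surface_status(surface)`: if cairo_image_surface_create fails it returns an error surface whose data pointer is null, so the memcpy would dereference null; bail out (returning a null RefPtr) when the status is not CAIRO_STATUS_SUCCESS before touching the data.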
I don't know what to say about the patch, but I do know this is wrong because you aren't taking into account the image surface stride.