[Webkit-unassigned] [Bug 111179] [Cairo] Surface pointer passed to asNewNativeImage() might be freed.

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Sun Aug 9 09:50:53 PDT 2015


Jeremy Zerfas <WebKit at JeremyZerfas.com> changed:

           What    |Removed                     |Added
                 CC|                            |WebKit at JeremyZerfas.com

--- Comment #33 from Jeremy Zerfas <WebKit at JeremyZerfas.com> ---
(In reply to comment #22)
> I cannot reproduce just by viewing the page in MiniBrowser. Do I need a
> particular port or version of Cairo to see the crash?

The occurrence of these crashes also seems to be influenced by the bit rate of the GIF, the transfer rate from the server, and whether the GIF is offscreen while it's loading, which might explain why you're having trouble reproducing these crashes. At least that seems to be the case based on my testing of WinLauncher.exe from a release build of the Windows Cairo port on Windows 10 x86_64.

The GIF linked to from the original bug is pretty small and doesn't seem to reliably produce any crashes. However, if the transfer rate is limited to less than 200 KBps or so, it does seem to reliably produce a corrupt animation (images are offset or have random noise in them).

The animated GIFs on the Stack Exchange page won't cause any problems either unless the window size is large enough to make the animated GIF in the first answer visible while the page is loading.

I've made a spinning cube animation that should reliably demonstrate this problem; you can view it at http://www.jeremyzerfas.com/WebKit/Cairo_Animated_GIF_Crashing/Spinning_Cube_500x500.gif . To demonstrate that the crashes only occur when the animated GIFs are onscreen, I've also created a page at http://www.jeremyzerfas.com/WebKit/Cairo_Animated_GIF_Crashing/Spinning_Cube_Page_with_Animation_at_the_Bottom.html that includes the same animation but shows it on a long page that you need to scroll down in order to make the animation visible. I'll attach the two files in case I remove these files later, but keep in mind that the crashes also don't seem to occur if the animation is loaded from the file system instead of from a web server.

Zoltan's patch in attachment 192693 seems to work well for fixing this bug and looks like a good fix for now.
