[SCM] WebKit Debian packaging branch, debian/experimental, updated. upstream/1.3.3-9427-gc2be6fc

abarth at webkit.org abarth at webkit.org
Wed Dec 22 15:27:24 UTC 2010


The following commit has been merged in the debian/experimental branch:
commit 5a253e577b602f41662e6a1112f025bcbd253a16
Author: abarth at webkit.org <abarth at webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Date:   Wed Nov 3 22:58:30 2010 +0000

    2010-11-03  Adam Barth  <abarth at webkit.org>
    
            Reviewed by Eric Seidel.
    
            CG use of WebKit image decoders crashes on some animated GIFs
            https://bugs.webkit.org/show_bug.cgi?id=48955
    
            It turns out CFDataGetMutableBytePtr isn't safe to call on a null pointer.
    
            Test: fast/images/dont-crash-with-null-gif-frames.html
    
            * platform/image-decoders/cg/ImageDecoderCG.cpp:
            (WebCore::RGBA32Buffer::copyReferenceToBitmapData):
            (WebCore::RGBA32Buffer::copyBitmapData):
    
    2010-11-03  Adam Barth  <abarth at webkit.org>
    
            Reviewed by Eric Seidel.
    
            CG use of WebKit image decoders crashes on some animated GIFs
            https://bugs.webkit.org/show_bug.cgi?id=48955
    
            Test image from Wikipedia that was crashing.
    
            * fast/images/dont-crash-with-null-gif-frames-expected.txt: Added.
            * fast/images/dont-crash-with-null-gif-frames.html: Added.
            * fast/images/resources/quicksort.gif: Added.
    
    
    git-svn-id: http://svn.webkit.org/repository/webkit/trunk@71277 268f45cc-cd09-0410-ab3c-d52691b4dbfc

diff --git a/LayoutTests/ChangeLog b/LayoutTests/ChangeLog
index 27f7d04..089ec20 100644
--- a/LayoutTests/ChangeLog
+++ b/LayoutTests/ChangeLog
@@ -1,3 +1,16 @@
+2010-11-03  Adam Barth  <abarth at webkit.org>
+
+        Reviewed by Eric Seidel.
+
+        CG use of WebKit image decoders crashes on some animated GIFs
+        https://bugs.webkit.org/show_bug.cgi?id=48955
+
+        Test image from Wikipedia that was crashing.
+
+        * fast/images/dont-crash-with-null-gif-frames-expected.txt: Added.
+        * fast/images/dont-crash-with-null-gif-frames.html: Added.
+        * fast/images/resources/quicksort.gif: Added.
+
 2010-11-03  Csaba Osztrogonác  <ossy at webkit.org>
 
         Unreviewed.
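Review bot: The new LayoutTests/ChangeLog entry says only "Test image from Wikipedia that was crashing." and does not record what about quicksort.gif triggers the crash. The test name refers to null GIF frames; saying so in the entry would let a later reader understand why this particular image is checked in.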
diff --git a/LayoutTests/fast/images/dont-crash-with-null-gif-frames-expected.txt b/LayoutTests/fast/images/dont-crash-with-null-gif-frames-expected.txt
new file mode 100644
index 0000000..85c1af1
--- /dev/null
+++ b/LayoutTests/fast/images/dont-crash-with-null-gif-frames-expected.txt
@@ -0,0 +1,2 @@
+This tests passes if it doesn't crash.
+
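Review bot: "This tests passes" on the first added line should read "This test passes". The same string is in dont-crash-with-null-gif-frames.html, so the expectation file and the test page have to be changed together or the text comparison will fail.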
diff --git a/LayoutTests/fast/images/dont-crash-with-null-gif-frames.html b/LayoutTests/fast/images/dont-crash-with-null-gif-frames.html
new file mode 100644
index 0000000..a630c3c
--- /dev/null
+++ b/LayoutTests/fast/images/dont-crash-with-null-gif-frames.html
@@ -0,0 +1,6 @@
+<script>
+if (window.layoutTestController)
+    layoutTestController.dumpAsText();
+</script>
+This tests passes if it doesn't crash.<br>
+<img src=resources/quicksort.gif>
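Review bot: The script only calls layoutTestController.dumpAsText() and never holds the test open, so the run ends as soon as the page has loaded. If the crash is reached only when a later frame of the animated GIF is decoded, the test can pass without exercising the fixed path; consider waiting until the animation has advanced before finishing. The "This tests passes" typo and the unquoted src attribute on the img line are worth fixing in the same pass.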
diff --git a/LayoutTests/fast/images/resources/quicksort.gif b/LayoutTests/fast/images/resources/quicksort.gif
new file mode 100644
index 0000000..6fee28f
Binary files /dev/null and b/LayoutTests/fast/images/resources/quicksort.gif differ
diff --git a/WebCore/ChangeLog b/WebCore/ChangeLog
index 39ebea2..11fa19c 100644
--- a/WebCore/ChangeLog
+++ b/WebCore/ChangeLog
@@ -1,3 +1,18 @@
+2010-11-03  Adam Barth  <abarth at webkit.org>
+
+        Reviewed by Eric Seidel.
+
+        CG use of WebKit image decoders crashes on some animated GIFs
+        https://bugs.webkit.org/show_bug.cgi?id=48955
+
+        It turns out CFDataGetMutableBytePtr isn't safe call on a null pointer.
+
+        Test: fast/images/dont-crash-with-null-gif-frames.html
+
+        * platform/image-decoders/cg/ImageDecoderCG.cpp:
+        (WebCore::RGBA32Buffer::copyReferenceToBitmapData):
+        (WebCore::RGBA32Buffer::copyBitmapData):
+
 2010-11-03  Adrienne Walker  <enne at google.com>
 
         Reviewed by Kenneth Russell.
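Review bot: The WebCore/ChangeLog entry states that CFDataGetMutableBytePtr is unsafe on a null pointer but not why m_backingStore can be null at these two call sites. One sentence on how a frame ends up with no backing store would document whether null is an expected state or a symptom of an earlier failure that should be handled at its source.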
diff --git a/WebCore/platform/image-decoders/cg/ImageDecoderCG.cpp b/WebCore/platform/image-decoders/cg/ImageDecoderCG.cpp
index ce6e27c..0f4dbc8 100644
--- a/WebCore/platform/image-decoders/cg/ImageDecoderCG.cpp
+++ b/WebCore/platform/image-decoders/cg/ImageDecoderCG.cpp
@@ -31,11 +31,16 @@
 
 namespace WebCore {
 
+static RGBA32Buffer::PixelData* getPtrAsPixelData(CFMutableDataRef data)
+{
+    return data ? reinterpret_cast<RGBA32Buffer::PixelData*>(CFDataGetMutableBytePtr(data)) : 0;
+}
+   
 void RGBA32Buffer::copyReferenceToBitmapData(const RGBA32Buffer& other)
 {
     ASSERT(this != &other);
     m_backingStore = other.m_backingStore;
-    m_bytes = reinterpret_cast<PixelData*>(CFDataGetMutableBytePtr(m_backingStore.get()));
+    m_bytes = getPtrAsPixelData(m_backingStore.get());
     // FIXME: The rest of this function seems redundant with RGBA32Buffer::copyBitmapData.
     m_size = other.m_size;
     setHasAlpha(other.m_hasAlpha);
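Review bot: In copyReferenceToBitmapData, m_bytes can now be 0 while m_size is still copied from other.m_size two lines later, so the buffer can report a non-empty size with no pixel storage behind it. Any code that indexes m_bytes based on m_size would then dereference null; either add an ASSERT or early-out that ties a null backing store to an empty size, or document that callers must check m_bytes first. The blank line added after getPtrAsPixelData also carries trailing whitespace ("+   ").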
@@ -47,7 +52,7 @@ bool RGBA32Buffer::copyBitmapData(const RGBA32Buffer& other)
         return true;
 
     m_backingStore.adoptCF(CFDataCreateMutableCopy(kCFAllocatorDefault, 0, other.m_backingStore.get()));
-    m_bytes = reinterpret_cast<PixelData*>(CFDataGetMutableBytePtr(m_backingStore.get()));
+    m_bytes = getPtrAsPixelData(m_backingStore.get());
     m_size = other.m_size;
     setHasAlpha(other.m_hasAlpha);
     return true;
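Review bot: In copyBitmapData the null check arrives one line too late: other.m_backingStore.get() is passed to CFDataCreateMutableCopy before getPtrAsPixelData ever sees the result, so if the source backing store is the null one, that call receives the null first. Please confirm CFDataCreateMutableCopy is safe with a null source, or guard before calling it. The function also still returns true when m_bytes ends up 0; returning false in that case would let callers distinguish a failed copy.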

-- 
WebKit Debian packaging


