[SCM] WebKit Debian packaging branch, webkit-1.1, updated. upstream/1.1.17-1283-gcf603cf

agl at chromium.org agl at chromium.org
Tue Jan 5 23:49:12 UTC 2010 

The following commit has been merged in the webkit-1.1 branch:
commit 89986bf0d9ce4582b297e78b1b79df48246c0670
Author: agl at chromium.org <agl at chromium.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Date:   Mon Dec 14 18:45:10 2009 +0000

    2009-12-14  Adam Langley  <agl at google.com>
    
            Reviewed by Darin Adler.
    
            Test that an image's size is valid before reading it.
    
            Previously, an image that failed to load (m_failed == true) would
            trigger an assertion failure when WebKit tried to get its size.
    
            https://bugs.webkit.org/show_bug.cgi?id=32176
            http://code.google.com/p/chromium/issues/detail?id=28566
    
            Test: fast/images/size-failure.html
    
            * platform/graphics/ImageSource.cpp:
            (WebCore::ImageSource::createFrameAtIndex):
    
    git-svn-id: http://svn.webkit.org/repository/webkit/trunk@52102 268f45cc-cd09-0410-ab3c-d52691b4dbfc

diff --git a/LayoutTests/ChangeLog b/LayoutTests/ChangeLog
index ce0bcf8..3592fb1 100644
--- a/LayoutTests/ChangeLog
+++ b/LayoutTests/ChangeLog
@@ -1,3 +1,19 @@
+2009-12-14  Adam Langley  <agl at google.com>
+
+        Reviewed by Darin Adler.
+
+        Test that an image's size is valid before reading it.
+
+        Previously, an image that failed to load (m_failed == true) would
+        trigger an assertion failure when WebKit tried to get its size.
+
+        https://bugs.webkit.org/show_bug.cgi?id=32176
+        http://code.google.com/p/chromium/issues/detail?id=28566
+
+        * fast/images/resources/size-failure.gif: Added.
+        * fast/images/size-failure-expected.txt: Added.
+        * fast/images/size-failure.html: Added.
+
 2009-12-14  Dan Bernstein  <mitz at apple.com>
 
         Reviewed by Darin Adler.
diff --git a/LayoutTests/fast/images/resources/size-failure.gif b/LayoutTests/fast/images/resources/size-failure.gif
new file mode 100644
index 0000000..3bb7ddf
Binary files /dev/null and b/LayoutTests/fast/images/resources/size-failure.gif differ
diff --git a/LayoutTests/fast/forms/menulist-selection-reset-expected.txt b/LayoutTests/fast/images/size-failure-expected.txt
similarity index 100%
copy from LayoutTests/fast/forms/menulist-selection-reset-expected.txt
copy to LayoutTests/fast/images/size-failure-expected.txt
diff --git a/LayoutTests/fast/images/size-failure.html b/LayoutTests/fast/images/size-failure.html
new file mode 100644
index 0000000..28d48dd
--- /dev/null
+++ b/LayoutTests/fast/images/size-failure.html
@@ -0,0 +1,16 @@
+<html>
+  <head>
+    <script>
+      if (window.layoutTestController)
+        layoutTestController.dumpAsText();
+    </script>
+
+   </head>
+   <body>
+     <!-- This previously tried to read the size of the image when
+          ImageDecoder::m_failed was true, triggering either an assert or a
+          read of random memory. Thanks to Robert Swiecki for the test case. -->
+     <img src="resources/size-failure.gif">
+     <p>PASS</p>
+   </body>
+ </html>
diff --git a/WebCore/ChangeLog b/WebCore/ChangeLog
index 7ec03a0..c87b051 100644
--- a/WebCore/ChangeLog
+++ b/WebCore/ChangeLog
@@ -1,3 +1,20 @@
+2009-12-14  Adam Langley  <agl at google.com>
+
+        Reviewed by Darin Adler.
+
+        Test that an image's size is valid before reading it.
+
+        Previously, an image that failed to load (m_failed == true) would
+        trigger an assertion failure when WebKit tried to get its size.
+
+        https://bugs.webkit.org/show_bug.cgi?id=32176
+        http://code.google.com/p/chromium/issues/detail?id=28566
+
+        Test: fast/images/size-failure.html
+
+        * platform/graphics/ImageSource.cpp:
+        (WebCore::ImageSource::createFrameAtIndex):
+
 2009-12-14  Dan Bernstein  <mitz at apple.com>
 
         Reviewed by Darin Adler.
diff --git a/WebCore/platform/graphics/ImageSource.cpp b/WebCore/platform/graphics/ImageSource.cpp
index bf7ae21..244f3ed 100644
--- a/WebCore/platform/graphics/ImageSource.cpp
+++ b/WebCore/platform/graphics/ImageSource.cpp
@@ -131,7 +131,7 @@ NativeImagePtr ImageSource::createFrameAtIndex(size_t index)
 
     // Zero-height images can cause problems for some ports.  If we have an
     // empty image dimension, just bail.
-    if (size().isEmpty())
+    if (!isSizeAvailable() || size().isEmpty())
         return 0;
 
     // Return the buffer contents as a native image.  For some ports, the data

-- 
WebKit Debian packaging

More information about the Pkg-webkit-commits mailing list