[SCM] WebKit Debian packaging branch, debian/unstable, updated. debian/1.1.18-1-697-g2f78b87
pkasting at chromium.org
pkasting at chromium.org
Wed Jan 20 22:13:30 UTC 2010
The following commit has been merged in the debian/unstable branch:
commit f4e48b7101f0251ade735077ffc5a92efec06160
Author: pkasting at chromium.org <pkasting at chromium.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Date: Tue Jan 5 23:22:47 2010 +0000
Public GIF decoder should stop decoding when allocation fails
https://bugs.webkit.org/show_bug.cgi?id=33231
Reviewed by Adam Barth.
* platform/image-decoders/gif/GIFImageDecoder.cpp:
(WebCore::GIFImageDecoder::haveDecodedRow):
* platform/image-decoders/gif/GIFImageDecoder.h:
* platform/image-decoders/gif/GIFImageReader.cpp:
(GIFImageReader::output_row):
(GIFImageReader::do_lzw):
(GIFImageReader::read):
* platform/image-decoders/gif/GIFImageReader.h:
git-svn-id: http://svn.webkit.org/repository/webkit/trunk@52833 268f45cc-cd09-0410-ab3c-d52691b4dbfc
diff --git a/WebCore/ChangeLog b/WebCore/ChangeLog
index 40d8a0c..82aacda 100644
--- a/WebCore/ChangeLog
+++ b/WebCore/ChangeLog
@@ -1,3 +1,19 @@
+2010-01-05 Peter Kasting <pkasting at google.com>
+
+ Reviewed by Adam Barth.
+
+ Public GIF decoder should stop decoding when allocation fails
+ https://bugs.webkit.org/show_bug.cgi?id=33231
+
+ * platform/image-decoders/gif/GIFImageDecoder.cpp:
+ (WebCore::GIFImageDecoder::haveDecodedRow):
+ * platform/image-decoders/gif/GIFImageDecoder.h:
+ * platform/image-decoders/gif/GIFImageReader.cpp:
+ (GIFImageReader::output_row):
+ (GIFImageReader::do_lzw):
+ (GIFImageReader::read):
+ * platform/image-decoders/gif/GIFImageReader.h:
+
2010-01-05 Yong Li <yoli at rim.com>
Reviewed by Darin Adler.
diff --git a/WebCore/platform/image-decoders/gif/GIFImageDecoder.cpp b/WebCore/platform/image-decoders/gif/GIFImageDecoder.cpp
index 87036c9..50b91c6 100644
--- a/WebCore/platform/image-decoders/gif/GIFImageDecoder.cpp
+++ b/WebCore/platform/image-decoders/gif/GIFImageDecoder.cpp
@@ -331,7 +331,7 @@ bool GIFImageDecoder::initFrameBuffer(unsigned frameIndex)
return true;
}
-void GIFImageDecoder::haveDecodedRow(unsigned frameIndex,
+bool GIFImageDecoder::haveDecodedRow(unsigned frameIndex,
unsigned char* rowBuffer,
unsigned char* rowEnd,
unsigned rowNumber,
@@ -346,19 +346,19 @@ void GIFImageDecoder::haveDecodedRow(unsigned frameIndex,
// Sanity-check the arguments.
if ((rowBuffer == 0) || (y >= size().height()))
- return;
+ return true;
// Get the colormap.
unsigned colorMapSize;
unsigned char* colorMap;
m_reader->getColorMap(colorMap, colorMapSize);
if (!colorMap)
- return;
+ return true;
// Initialize the frame if necessary.
RGBA32Buffer& buffer = m_frameBufferCache[frameIndex];
if ((buffer.status() == RGBA32Buffer::FrameEmpty) && !initFrameBuffer(frameIndex))
- return;
+ return false;
// Write one row's worth of data into the frame. There is no guarantee that
// (rowEnd - rowBuffer) == (size().width() - m_reader->frameXOffset()), so
@@ -386,6 +386,8 @@ void GIFImageDecoder::haveDecodedRow(unsigned frameIndex,
// Tell the frame to copy the row data if need be.
if (repeatCount > 1)
buffer.copyRowNTimes(m_reader->frameXOffset(), x, y, std::min(y + static_cast<int>(repeatCount), size().height()));
+
+ return true;
}
void GIFImageDecoder::frameComplete(unsigned frameIndex, unsigned frameDuration, RGBA32Buffer::FrameDisposalMethod disposalMethod)
diff --git a/WebCore/platform/image-decoders/gif/GIFImageDecoder.h b/WebCore/platform/image-decoders/gif/GIFImageDecoder.h
index 5227ea3..59328c0 100644
--- a/WebCore/platform/image-decoders/gif/GIFImageDecoder.h
+++ b/WebCore/platform/image-decoders/gif/GIFImageDecoder.h
@@ -66,7 +66,7 @@ namespace WebCore {
// Callbacks from the GIF reader.
bool sizeNowAvailable(unsigned width, unsigned height);
void decodingHalted(unsigned bytesLeft);
- void haveDecodedRow(unsigned frameIndex, unsigned char* rowBuffer, unsigned char* rowEnd, unsigned rowNumber,
+ bool haveDecodedRow(unsigned frameIndex, unsigned char* rowBuffer, unsigned char* rowEnd, unsigned rowNumber,
unsigned repeatCount, bool writeTransparentPixels);
void frameComplete(unsigned frameIndex, unsigned frameDuration, RGBA32Buffer::FrameDisposalMethod disposalMethod);
void gifComplete();
diff --git a/WebCore/platform/image-decoders/gif/GIFImageReader.cpp b/WebCore/platform/image-decoders/gif/GIFImageReader.cpp
index 002f67a..ffb1310 100644
--- a/WebCore/platform/image-decoders/gif/GIFImageReader.cpp
+++ b/WebCore/platform/image-decoders/gif/GIFImageReader.cpp
@@ -104,7 +104,7 @@ using WebCore::GIFImageDecoder;
//******************************************************************************
// Send the data to the display front-end.
-void GIFImageReader::output_row()
+bool GIFImageReader::output_row()
{
GIFFrameReader* gs = frame_reader;
@@ -154,13 +154,14 @@ void GIFImageReader::output_row()
/* Protect against too much image data */
if ((unsigned)drow_start >= gs->height)
- return;
+ return true;
// CALLBACK: Let the client know we have decoded a row.
- if (clientptr && frame_reader)
- clientptr->haveDecodedRow(images_count - 1, frame_reader->rowbuf, frame_reader->rowend,
- drow_start, drow_end - drow_start + 1,
- gs->progressive_display && gs->interlaced && gs->ipass > 1);
+ if (clientptr && frame_reader &&
+ !clientptr->haveDecodedRow(images_count - 1, frame_reader->rowbuf, frame_reader->rowend,
+ drow_start, drow_end - drow_start + 1,
+ gs->progressive_display && gs->interlaced && gs->ipass > 1))
+ return false;
gs->rowp = gs->rowbuf;
@@ -207,15 +208,17 @@ void GIFImageReader::output_row()
}
} while (gs->irow > (gs->height - 1));
}
+
+ return true;
}
//******************************************************************************
/* Perform Lempel-Ziv-Welch decoding */
-int GIFImageReader::do_lzw(const unsigned char *q)
+bool GIFImageReader::do_lzw(const unsigned char *q)
{
GIFFrameReader* gs = frame_reader;
if (!gs)
- return 0;
+ return true;
int code;
int incode;
@@ -249,11 +252,12 @@ int GIFImageReader::do_lzw(const unsigned char *q)
unsigned rows_remaining = gs->rows_remaining;
if (rowp == rowend)
- return 0;
+ return true;
#define OUTPUT_ROW \
PR_BEGIN_MACRO \
- output_row(); \
+ if (!output_row()) \
+ return false; \
rows_remaining--; \
rowp = frame_reader->rowp; \
if (!rows_remaining) \
@@ -286,9 +290,7 @@ int GIFImageReader::do_lzw(const unsigned char *q)
/* Check for explicit end-of-stream code */
if (code == (clear_code + 1)) {
/* end-of-stream should only appear after all image data */
- if (rows_remaining != 0)
- return -1;
- return 0;
+ return rows_remaining == 0;
}
if (oldcode == -1) {
@@ -306,13 +308,13 @@ int GIFImageReader::do_lzw(const unsigned char *q)
code = oldcode;
if (stackp == stack + MAX_BITS)
- return -1;
+ return false;
}
while (code >= clear_code)
{
if (code >= MAX_BITS || code == prefix[code])
- return -1;
+ return false;
// Even though suffix[] only holds characters through suffix[avail - 1],
// allowing code >= avail here lets us be more tolerant of malformed
@@ -322,7 +324,7 @@ int GIFImageReader::do_lzw(const unsigned char *q)
code = prefix[code];
if (stackp == stack + MAX_BITS)
- return -1;
+ return false;
}
*stackp++ = firstchar = suffix[code];
@@ -369,7 +371,7 @@ int GIFImageReader::do_lzw(const unsigned char *q)
gs->rowp = rowp;
gs->rows_remaining = rows_remaining;
- return 0;
+ return true;
}
@@ -438,7 +440,7 @@ bool GIFImageReader::read(const unsigned char *buf, unsigned len,
switch (state)
{
case gif_lzw:
- if (do_lzw(q) < 0) {
+ if (!do_lzw(q)) {
state = gif_error;
break;
}
diff --git a/WebCore/platform/image-decoders/gif/GIFImageReader.h b/WebCore/platform/image-decoders/gif/GIFImageReader.h
index f0d127f..14c2fb4 100644
--- a/WebCore/platform/image-decoders/gif/GIFImageReader.h
+++ b/WebCore/platform/image-decoders/gif/GIFImageReader.h
@@ -208,8 +208,8 @@ struct GIFImageReader {
WebCore::GIFImageDecoder::GIFQuery query = WebCore::GIFImageDecoder::GIFFullQuery, unsigned haltAtFrame = -1);
private:
- void output_row();
- int do_lzw(const unsigned char *q);
+ bool output_row();
+ bool do_lzw(const unsigned char *q);
};
#endif
--
WebKit Debian packaging
More information about the Pkg-webkit-commits
mailing list