Issue 4298: CRASH: SkCanvas::drawBitmapRect(SkBitmap const &,SkIRect const
*,SkRect const &,SkPaint const *)
http://code.google.com/p/chromium/issues/detail?id=4298
Comment #5 by [EMAIL PROTECTED]:
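And here is a Purify call stack showing that we read freed memory (a use-after-free). The block is allocated in RGBA32Buffer::copyBitmapData during GIF decoding, freed when a WTF::Vector of RGBA32Buffer is cleared, and then read again from SkCanvas::drawBitmapRect while painting: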
[E] FMR: Free memory read in SkBitmap::width(void)const {32 occurrences}
Reading 2 bytes from 0x069f4ab0 (2 bytes at 0x069f4ab0 illegal)
Address 0x069f4ab0 is 32 bytes into a 92 byte block at 0x069f4a90
Address 0x069f4ab0 points to a C++ new block in heap 0x06920000
Thread ID: 0xb20
Error location
SkBitmap::width(void)const
[e:\src\chrome1\src\skia\include\skbitmap.h:99]
SkCanvas::drawBitmapRect(SkBitmap const&,SkIRect const*,SkRect
const&,SkPaint const*)
[e:\src\chrome1\src\skia\sgl\skcanvas.cpp:1027]
WebCore::?A0x753593a4::paintSkBitmap(PlatformContextSkia
*,NativeImageSkia const&,SkIRect const&,SkRect
const&,Mode::SkPorterDuff const&)
[e:\src\chrome1\src\webkit\port\platform\graphics\imageskia.cpp:271]
WebCore::BitmapImage::draw(GraphicsContext::WebCore
*,FloatRect::WebCore const&,FloatRect::WebCore
const&,CompositeOperator::WebCore)
[e:\src\chrome1\src\webkit\port\platform\graphics\imageskia.cpp:485]
WebCore::GraphicsContext::drawImage(Image::WebCore
*,FloatRect::WebCore const&,FloatRect::WebCore
const&,CompositeOperator::WebCore,bool)
[e:\src\chrome1\src\third_party\webkit\webcore\platform\graphics\graphicscontext.cpp:424]
WebCore::GraphicsContext::drawImage(Image::WebCore
*,IntRect::WebCore const&,IntRect::WebCore
const&,CompositeOperator::WebCore,bool)
[e:\src\chrome1\src\third_party\webkit\webcore\platform\graphics\graphicscontext.cpp:296]
WebCore::GraphicsContext::drawImage(Image::WebCore
*,IntRect::WebCore const&,CompositeOperator::WebCore,bool)
[e:\src\chrome1\src\third_party\webkit\webcore\platform\graphics\graphicscontext.cpp:286]
WebCore::RenderImage::paintReplaced(PaintInfo::RenderObject::WebCore&,int,int)
[e:\src\chrome1\src\third_party\webkit\webcore\rendering\renderimage.cpp:392]
WebCore::RenderReplaced::paint(PaintInfo::RenderObject::WebCore&,int,int)
[e:\src\chrome1\src\third_party\webkit\webcore\rendering\renderreplaced.cpp:138]
WebCore::InlineBox::paint(PaintInfo::RenderObject::WebCore&,int,int)
[e:\src\chrome1\src\third_party\webkit\webcore\rendering\inlinebox.cpp:154]
Allocation location
new(UINT)
[e:\src\chrome1\src\third_party\webkit\javascriptcore\wtf\fastmalloc.h:84]
WebCore::RGBA32Buffer::copyBitmapData(RGBA32Buffer::WebCore const&)
[e:\src\chrome1\src\webkit\port\platform\image-decoders\imagedecoder.h:126]
WebCore::GIFImageDecoder::initFrameBuffer(UINT)
[e:\src\chrome1\src\webkit\port\platform\image-decoders\gif\gifimagedecoder.cpp:246]
WebCore::GIFImageDecoder::haveDecodedRow(UINT,BYTE *,BYTE
*,UINT,UINT,bool)
[e:\src\chrome1\src\webkit\port\platform\image-decoders\gif\gifimagedecoder.cpp:305]
GIFImageReader::output_row(void)
[e:\src\chrome1\src\webkit\port\platform\image-decoders\gif\gifimagereader.cpp:163]
GIFImageReader::do_lzw(BYTE const*)
[e:\src\chrome1\src\webkit\port\platform\image-decoders\gif\gifimagereader.cpp:297]
GIFImageReader::read(BYTE
const*,UINT,GIFQuery::GIFImageDecoder::WebCore,UINT)
[e:\src\chrome1\src\webkit\port\platform\image-decoders\gif\gifimagereader.cpp:441]
WebCore::GIFImageDecoderPrivate::decode(SharedBuffer::WebCore
*,GIFQuery::GIFImageDecoder::WebCore,UINT)
[e:\src\chrome1\src\webkit\port\platform\image-decoders\gif\gifimagedecoder.cpp:52]
WebCore::GIFImageDecoder::decode(GIFQuery::GIFImageDecoder::WebCore,UINT)const
[e:\src\chrome1\src\webkit\port\platform\image-decoders\gif\gifimagedecoder.cpp:184]
WebCore::GIFImageDecoder::frameBufferAtIndex(UINT)
[e:\src\chrome1\src\webkit\port\platform\image-decoders\gif\gifimagedecoder.cpp:174]
Free location
delete(void *)
[e:\src\chrome1\src\third_party\webkit\javascriptcore\wtf\fastmalloc.h:85]
WebCore::RefCountedNativeImageSkia::`scalar deleting
destructor'(UINT)
[e:\src\chrome1\src\chrome\Release\test_shell.exe]
base::RefCounted<RefCountedNativeImageSkia::WebCore>::Release(void)
[e:\src\chrome1\src\base\ref_counted.h:78]
scoped_refptr<RefCountedNativeImageSkia::WebCore>::~scoped_refptr<RefCountedNativeImageSkia::WebCore>(void)
[e:\src\chrome1\src\base\ref_counted.h:193]
WebCore::RGBA32Buffer::~RGBA32Buffer(void)
[e:\src\chrome1\src\webkit\port\platform\image-decoders\imagedecoder.h:99]
WebCore::RGBA32Buffer::`scalar deleting destructor'(UINT)
[e:\src\chrome1\src\chrome\Release\test_shell.exe]
WTF::VectorDestructor<1,RGBA32Buffer::WebCore>::destruct(RGBA32Buffer::WebCore
*,RGBA32Buffer::WebCore *)
[e:\src\chrome1\src\third_party\webkit\javascriptcore\wtf\vector.h:80]
WTF::VectorTypeOperations<RGBA32Buffer::WebCore>::destruct(RGBA32Buffer::WebCore
*,RGBA32Buffer::WebCore *)
[e:\src\chrome1\src\third_party\webkit\javascriptcore\wtf\vector.h:235]
WTF::Vector<RGBA32Buffer::WebCore,0>::shrink(UINT)
[e:\src\chrome1\src\third_party\webkit\javascriptcore\wtf\vector.h:694]
WTF::Vector<RGBA32Buffer::WebCore,0>::clear(void)
[e:\src\chrome1\src\third_party\webkit\javascriptcore\wtf\vector.h:496]