Updates:
Status: Assigned
Owner: [email protected]
Labels: -Area-Misc Area-WebKit
Comment #1 on issue 5573 by [email protected]: Tab crashes when viewing this image.
http://code.google.com/p/chromium/issues/detail?id=5573
putting on pkasting, defer as needed
==1211== Invalid write of size 4
==1211==    at 0x80EAB43: WebCore::GIFImageDecoder::haveDecodedRow(unsigned, unsigned char*, unsigned char*, unsigned, unsigned, bool) (ImageDecoder.h:202)
==1211==    by 0x80EC446: GIFImageReader::output_row() (GIFImageReader.cpp:163)
==1211==    by 0x80EC82F: GIFImageReader::do_lzw(unsigned char const*) (GIFImageReader.cpp:351)
==1211==    by 0x80ECC0B: GIFImageReader::read(unsigned char const*, unsigned, WebCore::GIFImageDecoder::GIFQuery, unsigned) (GIFImageReader.cpp:441)
==1211==    by 0x80E9B16: WebCore::GIFImageDecoder::decode(WebCore::GIFImageDecoder::GIFQuery, unsigned) const (GIFImageDecoder.cpp:52)
==1211==    by 0x80E9C9E: WebCore::GIFImageDecoder::frameBufferAtIndex(unsigned) (GIFImageDecoder.cpp:183)
==1211==    by 0x80D0311: WebCore::ImageSource::createFrameAtIndex(unsigned) (ImageSourceSkia.cpp:178)
==1211==    by 0x8577C51: WebCore::BitmapImage::cacheFrame(unsigned) (BitmapImage.cpp:126)
==1211==    by 0x8577EA1: WebCore::BitmapImage::frameIsCompleteAtIndex(unsigned) (BitmapImage.cpp:222)
==1211==    by 0x8577F70: WebCore::BitmapImage::startAnimation(bool) (BitmapImage.cpp:292)
==1211==    by 0x80EE19F: WebCore::BitmapImage::draw(WebCore::GraphicsContext*, WebCore::FloatRect const&, WebCore::FloatRect const&, WebCore::CompositeOperator) (ImageSkia.cpp:416)
==1211==    by 0x8581D5B: WebCore::GraphicsContext::drawImage(WebCore::Image*, WebCore::FloatRect const&, WebCore::FloatRect const&, WebCore::CompositeOperator, bool) (GraphicsContext.cpp:429)
==1211==  Address 0x72d9bf0 is 0 bytes after a block of size 0 alloc'd
==1211==    at 0x6EF16FD: malloc (vg_replace_malloc.c:207)
==1211==    by 0x81AB9C1: sk_malloc_flags(unsigned, unsigned) (SkMemory_stdlib.cpp:260)
==1211==    by 0x81B6D3F: SkBitmap::HeapAllocator::allocPixelRef(SkBitmap*, SkColorTable*) (SkBitmap.cpp:412)
==1211==    by 0x81B53C4: SkBitmap::allocPixels(SkBitmap::Allocator*, SkColorTable*) (SkBitmap.cpp:311)
==1211==    by 0x80EA801: WebCore::GIFImageDecoder::initFrameBuffer(unsigned) (SkBitmap.h:210)
==1211==    by 0x80EAC5A: WebCore::GIFImageDecoder::haveDecodedRow(unsigned, unsigned char*, unsigned char*, unsigned, unsigned, bool) (GIFImageDecoder.cpp:349)
==1211==    by 0x80EC446: GIFImageReader::output_row() (GIFImageReader.cpp:163)
==1211==    by 0x80EC82F: GIFImageReader::do_lzw(unsigned char const*) (GIFImageReader.cpp:351)
==1211==    by 0x80ECC0B: GIFImageReader::read(unsigned char const*, unsigned, WebCore::GIFImageDecoder::GIFQuery, unsigned) (GIFImageReader.cpp:441)
==1211==    by 0x80E9B16: WebCore::GIFImageDecoder::decode(WebCore::GIFImageDecoder::GIFQuery, unsigned) const (GIFImageDecoder.cpp:52)
==1211==    by 0x80E9C9E: WebCore::GIFImageDecoder::frameBufferAtIndex(unsigned) (GIFImageDecoder.cpp:183)
==1211==    by 0x80D0311: WebCore::ImageSource::createFrameAtIndex(unsigned) (ImageSourceSkia.cpp:178)
valgrind: m_mallocfree.c:210 (get_bszB_as_is): Assertion 'bszB_lo == bszB_hi' failed.
valgrind: Heap block lo/hi size mismatch: lo = 4280562244, hi = 3722304989.
Probably caused by overrunning/underrunning a heap block's bounds.