Title: [87598] trunk/Source/WebCore
Revision
87598
Author
simon.fra...@apple.com
Date
2011-05-27 21:18:44 -0700 (Fri, 27 May 2011)

Log Message

2011-05-27  Simon Fraser  <simon.fra...@apple.com>

        Reviewed by Dan Bernstein.

        CG BitmapImage needs to check for valid CGImage in a couple of places
        https://bugs.webkit.org/show_bug.cgi?id=61684
        <rdar://problem/9519348>

        BitmapImage::getCGImageArray() can throw an exception if frameAtIndex()
        returns null, which it may do if the image is corrupted or still
        loading. Protect against that here and in getFirstCGImageRefOfSize().

        * platform/graphics/cg/ImageCG.cpp:
        (WebCore::BitmapImage::getFirstCGImageRefOfSize):
        (WebCore::BitmapImage::getCGImageArray):

Modified Paths

Diff

Modified: trunk/Source/WebCore/ChangeLog (87597 => 87598)


--- trunk/Source/WebCore/ChangeLog	2011-05-28 03:27:16 UTC (rev 87597)
+++ trunk/Source/WebCore/ChangeLog	2011-05-28 04:18:44 UTC (rev 87598)
@@ -1,3 +1,19 @@
+2011-05-27  Simon Fraser  <simon.fra...@apple.com>
+
+        Reviewed by Dan Bernstein.
+
+        CG BitmapImage needs to check for valid CGImage in a couple of places
+        https://bugs.webkit.org/show_bug.cgi?id=61684
+        <rdar://problem/9519348>
+
+        BitmapImage::getCGImageArray() can throw an exception if frameAtIndex()
+        returns null, which it may do if the image is corrupted or still
+        loading. Protect against that here and in getFirstCGImageRefOfSize().
+
+        * platform/graphics/cg/ImageCG.cpp:
+        (WebCore::BitmapImage::getFirstCGImageRefOfSize):
+        (WebCore::BitmapImage::getCGImageArray):
+
 2011-05-27  Jochen Eisinger  <joc...@chromium.org>
 
         Reviewed by Adam Barth.

Modified: trunk/Source/WebCore/platform/graphics/cg/ImageCG.cpp (87597 => 87598)


--- trunk/Source/WebCore/platform/graphics/cg/ImageCG.cpp	2011-05-28 03:27:16 UTC (rev 87597)
+++ trunk/Source/WebCore/platform/graphics/cg/ImageCG.cpp	2011-05-28 04:18:44 UTC (rev 87598)
@@ -160,7 +160,7 @@
     size_t count = frameCount();
     for (size_t i = 0; i < count; ++i) {
         CGImageRef cgImage = frameAtIndex(i);
-        if (IntSize(CGImageGetWidth(cgImage), CGImageGetHeight(cgImage)) == size)
+        if (cgImage && IntSize(CGImageGetWidth(cgImage), CGImageGetHeight(cgImage)) == size)
             return cgImage;
     }
 
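Review bot: The new `cgImage &&` guard in the frame loop carries no comment saying why a frame can be null; the log message explains it (image corrupted or still loading) but the code does not. I would add `// frameAtIndex() returns null for frames that are corrupt or not yet loaded; skip them.` directly above the `if`. The start of getFirstCGImageRefOfSize() and whatever it returns after the loop are outside this hunk, so it cannot be checked from here whether the fall-through result can itself be null for such an image; callers presumably still need to handle a null return.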
@@ -175,9 +175,10 @@
         return 0;
     
     CFMutableArrayRef array = CFArrayCreateMutable(NULL, count, &kCFTypeArrayCallBacks);
-    for (size_t i = 0; i < count; ++i)
-        CFArrayAppendValue(array, frameAtIndex(i));
-        
+    for (size_t i = 0; i < count; ++i) {
+        if (CGImageRef currFrame = frameAtIndex(i))
+            CFArrayAppendValue(array, currFrame);
+    }
     return RetainPtr<CFArrayRef>(AdoptCF, array);
 }
 
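Review bot: Skipping null frames in the rewritten loop means the array returned by getCGImageArray() can now hold fewer than `count` entries, so an array index no longer necessarily matches a frame index. The array can also come back non-null but empty when every frame is null, while the early `return 0` above the hunk yields null. A caller that indexes the array by frame number, or treats a non-null result as "has at least one image", would misbehave on a corrupted or partially loaded image. At minimum I would document this at the loop with `// Null frames (corrupt or still loading) are skipped, so the array may be shorter than frameCount() or empty.`; returning null when nothing was appended would keep the two "no images" paths consistent. The ChangeLog entry names no regression test, so a test with a truncated multi-frame image would help keep this guard in place; the function's opening lines are outside the hunk.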