Title: [216305] trunk/Source/WebCore
- Revision: 216305
- Author: s...@apple.com
- Date: 2017-05-05 20:27:16 -0700 (Fri, 05 May 2017)
Log Message
Crash in ImageFrameCache::decodedSizeChanged() after image load cancellation
https://bugs.webkit.org/show_bug.cgi?id=171736
Reviewed by Tim Horton.
Tests: Covered by run-webkit-tests fast/images/image-formats-support.html --guard-malloc.
Because an image format is not supported, the ImageObserver of the Image
is deleted then the Image itself is deleted. In BitmapImage destructor,
we make a call which ends up accessing the deleted ImageObserver.
To fix this, we need to change the BitmapImage destructor to avoid calling
ImageFrameCache::decodedSizeChanged() since it is not really needed.
* platform/graphics/BitmapImage.cpp:
(WebCore::BitmapImage::~BitmapImage):
Modified Paths
Diff
Modified: trunk/Source/WebCore/ChangeLog (216304 => 216305)
--- trunk/Source/WebCore/ChangeLog 2017-05-06 01:59:14 UTC (rev 216304)
+++ trunk/Source/WebCore/ChangeLog 2017-05-06 03:27:16 UTC (rev 216305)
@@ -1,3 +1,23 @@
+2017-05-05 Said Abou-Hallawa <sabouhall...@apple.com>
+
+ Crash in ImageFrameCache::decodedSizeChanged() after image load cancellation
+ https://bugs.webkit.org/show_bug.cgi?id=171736
+
+ Reviewed by Tim Horton.
+
+ Tests: Covered by run-webkit-tests fast/images/image-formats-support.html
+ --guard-malloc.
+
+ Because an image format is not supported, the ImageObserver of the Image
+ is deleted then the Image itself is deleted. In BitmapImage destructor,
+ we make a call which ends up accessing the deleted ImageObserver.
+
+ To fix this, we need to change the BitImage destructor to avoid calling
+ ImageFrameCache::decodedSizeChanged() since it is not really needed.
+
+ * platform/graphics/BitmapImage.cpp:
+ (WebCore::BitmapImage::~BitmapImage):
+
2017-05-05 Timothy Horton <timothy_hor...@apple.com>
[Mac] Adjust cursor position for dragged link (and stop it from moving based on how fast you are dragging)
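Review bot: The ChangeLog entry does not name the call that is actually removed; the BitmapImage.cpp hunk replaces `stopAnimation()` with `clearTimer()` and `m_source.stopAsyncDecodingQueue()`, but the entry only says the destructor should "avoid calling ImageFrameCache::decodedSizeChanged()". Since the reader of this log will not see that decodedSizeChanged() is reached through stopAnimation(), the entry under `(WebCore::BitmapImage::~BitmapImage):` should state that stopAnimation() was replaced by the two calls and why the observer notification is unnecessary during destruction. Also, "BitImage destructor" in the added text should read "BitmapImage destructor".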
Modified: trunk/Source/WebCore/platform/graphics/BitmapImage.cpp (216304 => 216305)
--- trunk/Source/WebCore/platform/graphics/BitmapImage.cpp 2017-05-06 01:59:14 UTC (rev 216304)
+++ trunk/Source/WebCore/platform/graphics/BitmapImage.cpp 2017-05-06 03:27:16 UTC (rev 216305)
@@ -61,7 +61,8 @@
BitmapImage::~BitmapImage()
{
invalidatePlatformData();
- stopAnimation();
+ clearTimer();
+ m_source.stopAsyncDecodingQueue();
}
void BitmapImage::updateFromSettings(const Settings& settings)
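Review bot: Replacing `stopAnimation()` with `clearTimer()` and `m_source.stopAsyncDecodingQueue()` removes the path that dereferenced the already-deleted ImageObserver, but it only fixes this one caller: the underlying problem described in the log is that the observer is destroyed before the BitmapImage, so any other notification reachable during teardown can hit the same dangling pointer. A comment on the destructor explaining why stopAnimation() must not be called here (it notifies the observer through ImageFrameCache::decodedSizeChanged()) would keep someone from reintroducing it, and it is worth confirming that clearTimer() plus stopAsyncDecodingQueue() cover everything stopAnimation() did apart from that notification. The test is only cited under --guard-malloc; without a guard-malloc run in the normal bots the use-after-free would not reproduce, so note that in the ChangeLog or add a deterministic check.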
_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes