Changeset 158840 in webkit
- Timestamp: Nov 7, 2013 3:04:16 AM (10 years ago)
- Location: trunk/Source/WebCore
- Files: 2 edited
trunk/Source/WebCore/ChangeLog
r158839 r158840 1 2013-11-07 Laszlo Vidacs <lac@inf.u-szeged.hu> 2 3 Fix crash in BitmapImage::destroyDecodedData() 4 https://bugs.webkit.org/show_bug.cgi?id=116494 5 6 Reviewed by Csaba Osztrogonác. 7 8 Merge from https://chromium.googlesource.com/chromium/blink/+/6b6887bf53068f8537908e501fdc7317ad2c6d86 9 10 * platform/graphics/BitmapImage.cpp: 11 (WebCore::BitmapImage::destroyDecodedData): 12 1 13 2013-11-06 Sergio Villar Senin <svillar@igalia.com> 2 14 -
trunk/Source/WebCore/platform/graphics/BitmapImage.cpp
r158659 r158840 78 78 unsigned frameBytesCleared = 0; 79 79 const size_t clearBeforeFrame = destroyAll ? m_frames.size() : m_currentFrame; 80 for (size_t i = 0; i < clearBeforeFrame; ++i) { 80 81 // Because we can advance frames without always needing to decode the actual 82 // bitmap data, |m_currentFrame| may be larger than m_frames.size(); 83 // make sure not to walk off the end of the container in this case. 84 for (size_t i = 0; i < std::min(clearBeforeFrame, m_frames.size()); ++i) { 81 85 // The underlying frame isn't actually changing (we're just trying to 82 86 // save the memory for the framebuffer data), so we don't need to clear
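Review bot: In the `for` condition in BitmapImage::destroyDecodedData(), the clamp `std::min(clearBeforeFrame, m_frames.size())` is applied only at the loop and is re-evaluated on every iteration, while `clearBeforeFrame` itself keeps its out-of-range value. Clamping once where `clearBeforeFrame` is declared (taking the minimum of `m_currentFrame` and `m_frames.size()` in the non-`destroyAll` branch) would keep the bound in one place and also cover any later use of the variable in the function. The changeset edits only ChangeLog and BitmapImage.cpp, so this out-of-bounds fix lands without a regression test; a test that advances an animated image past its decoded frames before the decoded data is destroyed would be worth adding, or the ChangeLog entry should state why none is practical.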