Changeset 25293 in webkit
- Timestamp: Aug 29, 2007 10:29:56 AM (17 years ago)
- Location: trunk/WebCore
- Files: 2 edited
trunk/WebCore/ChangeLog
r25286 r25293 1 2007-08-29 Peter Kasting <zerodpx@gmail.com> 2 3 Reviewed by Maciej. 4 5 - fix http://bugs.webkit.org/show_bug.cgi?id=15104 6 Don't double-compensate for sizeof(unsigned) when making a buffer 7 overflow check in the GIF decoder. Now interlaced GIFs don't 8 sometimes get nothing/garbage in some of the bottom rows. 9 10 * platform/image-decoders/gif/GIFImageDecoder.cpp: 11 (WebCore::GIFImageDecoder::haveDecodedRow): 12 1 13 2007-08-28 Sam Weinig <sam@webkit.org> 2 14 -
trunk/WebCore/platform/image-decoders/gif/GIFImageDecoder.cpp
r18289 r25293 346 346 if (repeatCount > 1) { 347 347 // Copy the row |repeatCount|-1 times. 348 unsigned size = (currDst - dst) * sizeof(unsigned); 348 unsigned num = currDst - dst; 349 unsigned size = num * sizeof(unsigned); 349 350 unsigned width = m_size.width(); 350 351 unsigned* end = buffer.bytes().data() + width * m_size.height(); 351 352 currDst = dst + width; 352 353 for (unsigned i = 1; i < repeatCount; i++) { 353 if (currDst + size> end) // Protect against a buffer overrun from a bogus repeatCount.354 if (currDst + num > end) // Protect against a buffer overrun from a bogus repeatCount. 354 355 break; 355 356 memcpy(currDst, dst, size);
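Review bot: The new check in the GIFImageDecoder.cpp hunk, `if (currDst + num > end)`, still computes a pointer that may lie beyond `end` before comparing it, which is exactly the case the check exists to catch and is undefined behaviour once the result is more than one element past the buffer. Comparing counts instead of pointers, that is, testing `num` against the number of elements remaining (`end - currDst`), keeps the arithmetic inside the allocation. Separately, `num` and `size` now differ only in unit (elements versus bytes), which is the mix-up this change corrects; names that carry the unit, or a one-line comment on `unsigned num = currDst - dst;` stating that it is an element count while `size` is the byte count passed to `memcpy`, would make it harder to reintroduce the double scaling by `sizeof(unsigned)`.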