Changeset 70392 in webkit


Timestamp:
Oct 23, 2010 9:48:02 AM (14 years ago)
Author:
abarth@webkit.org
Message:

2010-10-23 Adam Barth <abarth@webkit.org>

Reviewed by Andreas Kling.

WebP decoding hits ASSERT
https://bugs.webkit.org/show_bug.cgi?id=48168

Calling reserveCapacity only allocates the memory. It doesn't actually
set the length. When you try to access the zeroth element, you hit an
ASSERT.

Covered by fast/images/webp-image-decoding.html in debug.

  • platform/image-decoders/webp/WEBPImageDecoder.cpp: (WebCore::WEBPImageDecoder::decode):
Location:
trunk/WebCore
Files:
2 edited

  • trunk/WebCore/ChangeLog

    r70391 r70392  
     12010-10-23  Adam Barth  <abarth@webkit.org>
     2
     3        Reviewed by Andreas Kling.
     4
     5        WebP decoding hits ASSERT
     6        https://bugs.webkit.org/show_bug.cgi?id=48168
     7
     8        Calling reserveCapacity only allocates the memory.  It doesn't actually
     9        set the length.  When you try to access the zeroth element, you hit an
     10        ASSERT.
     11
     12        Covered by fast/images/webp-image-decoding.html in debug.
     13
     14        * platform/image-decoders/webp/WEBPImageDecoder.cpp:
     15        (WebCore::WEBPImageDecoder::decode):
     16
    1172010-10-23  Martin Robinson  <mrobinson@igalia.com>
    218
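Review bot: The new ChangeLog entry (added lines 8 to 10) explains why `reserveCapacity` followed by an access to element zero hits the ASSERT, but it never states what the fix is. Add one sentence saying that decode now calls `resize` so the vector's length matches the buffer handed to the decoder, so a reader of the ChangeLog does not need to open the diff to learn what changed.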
  • trunk/WebCore/platform/image-decoders/webp/WEBPImageDecoder.cpp

    r69942 r70392  
    104104    const int stride = width * bytesPerPixel;
    105105    Vector<uint8_t> rgb;
    106     rgb.reserveCapacity(height * stride);
    107     if (!WebPDecodeBGRInto(dataBytes, dataSize, &rgb[0], height * stride, stride))
     106    rgb.resize(height * stride);
     107    if (!WebPDecodeBGRInto(dataBytes, dataSize, rgb.data(), rgb.size(), stride))
    108108        return setFailed();
    109109    // FIXME: remove this data copy.
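Review bot: On the new line 106, `height * stride` is passed to `rgb.resize(...)` with no bound or overflow check visible in this hunk, and `stride` itself is a `const int` product of `width * bytesPerPixel` (line 104). If those dimensions come from the image header, a product that wraps would size the vector from a wrapped value. Consider validating the multiplication before the resize and returning `setFailed()` when it does not fit. Passing `rgb.data()` and `rgb.size()` on line 107 is the right shape, since the length given to `WebPDecodeBGRInto` now comes from the vector itself instead of a second computation that could drift from the allocation.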