[GTK+] Crash in WebCore::ImageFrame::ImageFrame()
author magomez@igalia.com <magomez@igalia.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Tue, 18 Apr 2017 11:54:23 +0000 (11:54 +0000)
committer magomez@igalia.com <magomez@igalia.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Tue, 18 Apr 2017 11:54:23 +0000 (11:54 +0000)
commit 48400cf9b8c9ceb1a6c52e5b8c8993a2eb331512
tree 73990feab4859f49fdf6a37021b678965738674f
parent e55f7c32538c3cbbf572dc9a1d83d365e1788b3b
[GTK+] Crash in WebCore::ImageFrame::ImageFrame()
https://bugs.webkit.org/show_bug.cgi?id=170332

Reviewed by Carlos Garcia Campos.

Source/WebCore:

When decoding a PNG image, don't reset the number of frames to 1 when there's a decoding error. Doing
so causes a crash if the number of frames we reported before is bigger than 1.

Test: fast/images/bad-png-missing-fdat.html

* platform/image-decoders/png/PNGImageDecoder.cpp:
(WebCore::PNGImageDecoder::fallbackNotAnimated):

LayoutTests:

Added a test to ensure that the browser doesn't crash when loading a PNG image which
reports a wrong number of frames.

* fast/images/bad-png-missing-fdat-expected.txt: Added.
* fast/images/bad-png-missing-fdat.html: Added.
* fast/images/resources/bad-png-missing-fdAT.png: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@215458 268f45cc-cd09-0410-ab3c-d52691b4dbfc
LayoutTests/ChangeLog
LayoutTests/fast/images/bad-png-missing-fdat-expected.txt [new file with mode: 0644]
LayoutTests/fast/images/bad-png-missing-fdat.html [new file with mode: 0644]
LayoutTests/fast/images/resources/bad-png-missing-fdAT.png [new file with mode: 0644]
Source/WebCore/ChangeLog
Source/WebCore/platform/image-decoders/png/PNGImageDecoder.cpp
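The test image named in the ChangeLog (bad-png-missing-fdAT.png) is not on this page, and neither is the PNGImageDecoder diff. As an added example that is not WebKit code, the C++ below is a small APNG chunk walker that checks the frame count a file declares in its acTL chunk against the frames that actually carry image data, which is exactly the mismatch the test exercises: the acTL says two frames, the second fcTL is present, but its fdAT never arrives. The walker validates chunk lengths against the buffer and CRCs before interpreting anything, so a truncated or corrupt file is reported as malformed instead of being trusted. The function names (inspectApng, makeSampleApng) and the one-pixel sample image are mine and constructed inline; the image is built with correct CRCs and a valid zlib stream so it can also be written to disk and opened.

```cpp
#include <cstdint>
#include <cstring>
#include <iostream>
#include <optional>
#include <string>
#include <vector>

// CRC-32 as used by PNG chunks (reflected polynomial 0xEDB88320), bitwise form.
static uint32_t crc32Png(const uint8_t* data, size_t len) {
    uint32_t crc = 0xFFFFFFFFu;
    for (size_t i = 0; i < len; ++i) {
        crc ^= data[i];
        for (int k = 0; k < 8; ++k)
            crc = (crc >> 1) ^ (0xEDB88320u & (0u - (crc & 1u)));
    }
    return crc ^ 0xFFFFFFFFu;
}

static uint32_t readU32BE(const uint8_t* p) {
    return (uint32_t(p[0]) << 24) | (uint32_t(p[1]) << 16) | (uint32_t(p[2]) << 8) | uint32_t(p[3]);
}

static void appendU32BE(std::vector<uint8_t>& out, uint32_t v) {
    out.push_back(uint8_t(v >> 24)); out.push_back(uint8_t(v >> 16));
    out.push_back(uint8_t(v >> 8));  out.push_back(uint8_t(v));
}

// Append one chunk (length, type, data, CRC over type+data) to a PNG byte buffer.
static void appendChunk(std::vector<uint8_t>& png, const char* type, const std::vector<uint8_t>& data) {
    appendU32BE(png, uint32_t(data.size()));
    std::vector<uint8_t> crcInput(type, type + 4);
    crcInput.insert(crcInput.end(), data.begin(), data.end());
    png.insert(png.end(), crcInput.begin(), crcInput.end());
    appendU32BE(png, crc32Png(crcInput.data(), crcInput.size()));
}

struct ApngSummary {
    bool wellFormed = false;                 // signature, chunk lengths and CRCs check out, IEND reached
    std::optional<uint32_t> declaredFrames;  // num_frames from acTL, if present
    uint32_t fcTLCount = 0;                  // frames announced by fcTL chunks
    uint32_t framesWithData = 0;             // fcTL frames actually followed by IDAT/fdAT
    // The APNG spec requires num_frames to equal the number of fcTL chunks, and every
    // announced frame to carry data; anything else is the "wrong number of frames" case.
    bool frameCountConsistent() const {
        return declaredFrames && *declaredFrames == fcTLCount && fcTLCount == framesWithData;
    }
};

ApngSummary inspectApng(const std::vector<uint8_t>& png) {
    ApngSummary s;
    static const uint8_t signature[8] = {0x89, 'P', 'N', 'G', 0x0D, 0x0A, 0x1A, 0x0A};
    if (png.size() < 8 || std::memcmp(png.data(), signature, 8) != 0)
        return s;
    size_t pos = 8;
    bool seenIDAT = false;
    bool framePendingData = false;  // most recent fcTL has not yet been followed by image data
    while (pos + 12 <= png.size()) {
        uint32_t len = readU32BE(&png[pos]);
        // Reject a length that would run past the buffer before touching any chunk data.
        if (len > 0x7FFFFFFFu || len > png.size() - pos - 12)
            return s;
        const uint8_t* type = &png[pos + 4];
        const uint8_t* data = type + 4;
        if (crc32Png(type, 4 + len) != readU32BE(data + len))
            return s;  // corrupt chunk
        std::string t(reinterpret_cast<const char*>(type), 4);
        if (t == "acTL" && len >= 8) {
            s.declaredFrames = readU32BE(data);
        } else if (t == "fcTL") {
            ++s.fcTLCount;              // counted here even if its data never shows up
            framePendingData = true;
        } else if (t == "IDAT") {
            seenIDAT = true;
            if (framePendingData) { ++s.framesWithData; framePendingData = false; }
        } else if (t == "fdAT") {
            if (!seenIDAT) return s;    // fdAT before IDAT is malformed
            if (framePendingData) { ++s.framesWithData; framePendingData = false; }
        } else if (t == "IEND") {
            s.wellFormed = true;
            return s;
        }
        pos += 12 + len;
    }
    return s;  // ran off the end without IEND
}

// Constructed 1x1 grayscale APNG declaring two frames. With includeSecondFdAT == false the
// second fcTL is present but its fdAT is missing, the same shape as bad-png-missing-fdAT.png.
std::vector<uint8_t> makeSampleApng(bool includeSecondFdAT) {
    std::vector<uint8_t> png = {0x89, 'P', 'N', 'G', 0x0D, 0x0A, 0x1A, 0x0A};
    appendChunk(png, "IHDR", {0,0,0,1, 0,0,0,1, 8, 0, 0, 0, 0});  // 1x1, 8-bit grayscale
    appendChunk(png, "acTL", {0,0,0,2, 0,0,0,0});                 // num_frames=2, num_plays=0
    // fcTL: sequence number, width 1, height 1, x 0, y 0, delay 1/10, dispose 0, blend 0
    auto fcTL = [](uint32_t seq) {
        std::vector<uint8_t> d; appendU32BE(d, seq);
        for (uint32_t v : {1u, 1u, 0u, 0u}) appendU32BE(d, v);
        d.insert(d.end(), {0,1, 0,10, 0, 0});
        return d;
    };
    // Valid zlib stream: one stored block holding filter byte 0 plus one pixel byte 0.
    const std::vector<uint8_t> zlib = {0x78,0x01, 0x01, 0x02,0x00, 0xFD,0xFF, 0x00,0x00, 0x00,0x02,0x00,0x01};
    appendChunk(png, "fcTL", fcTL(0));
    appendChunk(png, "IDAT", zlib);
    appendChunk(png, "fcTL", fcTL(1));
    if (includeSecondFdAT) {
        std::vector<uint8_t> fdAT; appendU32BE(fdAT, 2);  // fdAT sequence number
        fdAT.insert(fdAT.end(), zlib.begin(), zlib.end());
        appendChunk(png, "fdAT", fdAT);
    }
    appendChunk(png, "IEND", {});
    return png;
}

int main() {
    for (bool complete : {true, false}) {
        ApngSummary s = inspectApng(makeSampleApng(complete));
        std::cout << (complete ? "complete" : "missing fdAT") << ": declared="
                  << (s.declaredFrames ? int(*s.declaredFrames) : -1)
                  << " fcTL=" << s.fcTLCount << " withData=" << s.framesWithData
                  << " consistent=" << s.frameCountConsistent() << "\n";
    }
}
```

The point for a decoder is the one the ChangeLog makes: the declared count is untrusted input, so once a frame count has been handed to callers it must not shrink on a later parse error. A checker like this, run over a corpus or a fuzzer's output, separates the "file lies about its frame count" inputs from the merely truncated ones, which is what the layout test pins down for this crash.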