Title: [145569] trunk
Revision: 145569
Author: commit-qu...@webkit.org
Date: 2013-03-12 11:27:07 -0700 (Tue, 12 Mar 2013)

Log Message

Webkit unable to show gifs with application extension string shorter than 11 bytes
https://bugs.webkit.org/show_bug.cgi?id=110620

Patch by Viatcheslav Ostapenko <sl.ostape...@samsung.com> on 2013-03-12
Reviewed by Laszlo Gombos.

Source/WebCore:

Use actual block size for gifs application extension string even if it is below 11 bytes
to be able to decode this kind of gifs.

Test: fast/images/gif-short-app-extension-string.html

* platform/image-decoders/gif/GIFImageReader.cpp:
(GIFImageReader::decodeInternal):

LayoutTests:

Test that webkit is able to decode gifs with short application extension string.

* fast/images/gif-short-app-extension-string-expected.png: Added.
* fast/images/gif-short-app-extension-string-expected.txt: Added.
* fast/images/gif-short-app-extension-string.html: Added.
* fast/images/resources/short-app-extension-string.gif: Added.

Diff

Modified: trunk/LayoutTests/ChangeLog (145568 => 145569)


--- trunk/LayoutTests/ChangeLog	2013-03-12 18:26:51 UTC (rev 145568)
+++ trunk/LayoutTests/ChangeLog	2013-03-12 18:27:07 UTC (rev 145569)
@@ -1,3 +1,17 @@
+2013-03-12  Viatcheslav Ostapenko  <sl.ostape...@samsung.com>
+
+        Webkit unable to show gifs with applcation extension string shorter than 11 bytes
+        https://bugs.webkit.org/show_bug.cgi?id=110620
+
+        Reviewed by Laszlo Gombos.
+
+        Test that webkit is able to decode gifs with short application extension string.
+
+        * fast/images/gif-short-app-extension-string-expected.png: Added.
+        * fast/images/gif-short-app-extension-string-expected.txt: Added.
+        * fast/images/gif-short-app-extension-string.html: Added.
+        * fast/images/resources/short-app-extension-string.gif: Added.
+
 2013-03-12  Zan Dobersek  <zdober...@igalia.com>
 
         Unreviewed GTK gardening.

Added: trunk/LayoutTests/fast/images/gif-short-app-extension-string-expected.png


(Binary files differ)
Property changes on: trunk/LayoutTests/fast/images/gif-short-app-extension-string-expected.png
___________________________________________________________________

Added: svn:mime-type

Added: trunk/LayoutTests/fast/images/gif-short-app-extension-string-expected.txt (0 => 145569)


--- trunk/LayoutTests/fast/images/gif-short-app-extension-string-expected.txt	                        (rev 0)
+++ trunk/LayoutTests/fast/images/gif-short-app-extension-string-expected.txt	2013-03-12 18:27:07 UTC (rev 145569)
@@ -0,0 +1,7 @@
+layer at (0,0) size 800x600
+  RenderView at (0,0) size 800x600
+layer at (0,0) size 800x600
+  RenderBlock {HTML} at (0,0) size 800x600
+    RenderBody {BODY} at (8,8) size 784x584
+      RenderImage {IMG} at (0,0) size 353x25
+      RenderText {#text} at (0,0) size 0x0

Added: trunk/LayoutTests/fast/images/gif-short-app-extension-string.html (0 => 145569)


--- trunk/LayoutTests/fast/images/gif-short-app-extension-string.html	                        (rev 0)
+++ trunk/LayoutTests/fast/images/gif-short-app-extension-string.html	2013-03-12 18:27:07 UTC (rev 145569)
@@ -0,0 +1,5 @@
+<html>
+<body>
+<img src=""
+</body>
+</html>
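
Review bot: as shown, the `<img src=""` line has an empty src and no closing `>`, so the page never references fast/images/resources/short-app-extension-string.gif, the file this test exists to decode. The src should point at resources/short-app-extension-string.gif and the tag should be closed; a short comment in the HTML stating what the test checks would also help whoever has to rebaseline it later.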

Added: trunk/LayoutTests/fast/images/resources/short-app-extension-string.gif (0 => 145569)


--- trunk/LayoutTests/fast/images/resources/short-app-extension-string.gif	                        (rev 0)
+++ trunk/LayoutTests/fast/images/resources/short-app-extension-string.gif	2013-03-12 18:27:07 UTC (rev 145569)
@@ -0,0 +1,10 @@

Modified: trunk/Source/WebCore/ChangeLog (145568 => 145569)


--- trunk/Source/WebCore/ChangeLog	2013-03-12 18:26:51 UTC (rev 145568)
+++ trunk/Source/WebCore/ChangeLog	2013-03-12 18:27:07 UTC (rev 145569)
@@ -1,3 +1,18 @@
+2013-03-12  Viatcheslav Ostapenko  <sl.ostape...@samsung.com>
+
+        Webkit unable to show gifs with applcation extension string shorter than 11 bytes
+        https://bugs.webkit.org/show_bug.cgi?id=110620
+
+        Reviewed by Laszlo Gombos.
+
+        Use actual block size for gifs application extension string even if it is below 11 bytes 
+        to be able to decode this kind of gifs.
+
+        Test: fast/images/gif-short-app-extension-string.html
+
+        * platform/image-decoders/gif/GIFImageReader.cpp:
+        (GIFImageReader::decodeInternal):
+
 2013-03-12  Sheriff Bot  <webkit.review....@gmail.com>
 
         Unreviewed, rolling out r145277.
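
Review bot: the entry title misspells "application" as "applcation" (the LayoutTests ChangeLog entry carries the same typo), and the added line ending in "below 11 bytes " has trailing whitespace. The entry would also be more useful if it recorded that the minimum-length clamp was removed for the plain text and application extensions and that the length is now checked where the application extension is parsed, since that is the part a later reader of GIFImageReader::decodeInternal needs to know.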

Modified: trunk/Source/WebCore/platform/image-decoders/gif/GIFImageReader.cpp (145568 => 145569)


--- trunk/Source/WebCore/platform/image-decoders/gif/GIFImageReader.cpp	2013-03-12 18:26:51 UTC (rev 145568)
+++ trunk/Source/WebCore/platform/image-decoders/gif/GIFImageReader.cpp	2013-03-12 18:27:07 UTC (rev 145569)
@@ -478,35 +478,28 @@
             size_t bytesInBlock = currentComponent[1];
             GIFState es = GIFSkipBlock;
 
-            // The GIF spec mandates lengths for three of the extensions below.
-            // However, it's possible for GIFs in the wild to deviate. For example,
-            // some GIFs that embed ICC color profiles using GIFApplicationExtension
-            // violate the spec and treat this extension block like a sort of
-            // "extension + data" block, giving a size greater than 11 and filling the
-            // remaining bytes with data (then following with more data blocks as
-            // needed), instead of placing a true data block just after the 11 byte
-            // extension block.
-            //
-            // Accordingly, if the specified length is larger than the required value,
-            // we use it. If it's smaller, then we enforce the spec value, because the
-            // parsers for these extensions expect to have the specified number of
-            // bytes available, and if we don't ensure that, they could read off the
-            // end of the heap buffer. (In this case, it's likely the GIF is corrupt
-            // and we'll soon fail to decode anyway.)
             switch (*currentComponent) {
             case 0xf9:
                 es = GIFControlExtension;
+                // The GIF spec mandates that the GIFControlExtension header block length is 4 bytes,
+                // and the parser for this block reads 4 bytes, so we must enforce that the buffer
+                // contains at least this many bytes. If the GIF specifies a different length, we
+                // allow that, so long as it's larger; the additional data will simply be ignored.
                 bytesInBlock = std::max(bytesInBlock, static_cast<size_t>(4));
                 break;
 
+            // The GIF spec also specifies the lengths of the following two extensions' headers
+            // (as 12 and 11 bytes, respectively). Because we ignore the plain text extension entirely
+            // and sanity-check the actual length of the application extension header before reading it,
+            // we allow GIFs to deviate from these values in either direction. This is important for
+            // real-world compatibility, as GIFs in the wild exist with application extension headers
+            // that are both shorter and longer than 11 bytes.
             case 0x01:
                 // ignoring plain text extension
-                bytesInBlock = std::max(bytesInBlock, static_cast<size_t>(12));
                 break;
 
             case 0xff:
                 es = GIFApplicationExtension;
-                bytesInBlock = std::max(bytesInBlock, static_cast<size_t>(11));
                 break;
 
             case 0xfe:
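
Review bot: in the `case 0xff:` arm, bytesInBlock is now taken unmodified from currentComponent[1], so the only thing between a short application extension and the 11-byte strncmp is the length check in the GIFApplicationExtension state, and the new comment does not say where that check lives. The deleted comment spelled out that parsers expecting a fixed number of bytes could read off the end of the heap buffer; suggest keeping one sentence to that effect and naming the `m_bytesToConsume == 11` test, so a later edit to that state does not drop it unknowingly. With both std::max calls gone, bytesInBlock can also be 0 for 0x01 and 0xff; please confirm the code following this switch handles a zero-length block.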
@@ -578,7 +571,8 @@
 
         case GIFApplicationExtension: {
             // Check for netscape application extension.
-            if (!strncmp((char*)currentComponent, "NETSCAPE2.0", 11) || !strncmp((char*)currentComponent, "ANIMEXTS1.0", 11))
+            if (m_bytesToConsume == 11 
+                && (!strncmp((char*)currentComponent, "NETSCAPE2.0", 11) || !strncmp((char*)currentComponent, "ANIMEXTS1.0", 11)))
                 GETN(1, GIFNetscapeExtensionBlock);
             else
                 GETN(1, GIFConsumeBlock);
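
Review bot: the new guard `m_bytesToConsume == 11` is stricter than the read it protects. Both strncmp calls read at most 11 bytes, so `m_bytesToConsume >= 11` would be equally safe, and the comment added in the earlier hunk says application extension headers longer than 11 bytes exist in the wild; with `==`, such a block that begins with "NETSCAPE2.0" or "ANIMEXTS1.0" now goes to GIFConsumeBlock instead of GIFNetscapeExtensionBlock. If an exact match is intended, say so in a comment next to the condition. The added layout test covers only the short case, so a longer-than-11 header would be worth a test as well. Minor: there is trailing whitespace after `11` on the first added line.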