diff options
| author | pkasting@chromium.org <pkasting@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2008-11-21 22:50:58 +0000 |
|---|---|---|
| committer | pkasting@chromium.org <pkasting@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2008-11-21 22:50:58 +0000 |
| commit | bd2e63eed24e8c097be6ea3fb46aa354c638e88e (patch) | |
| tree | bfc22a5fa0e910c5d62eaffadbc6c04d63aa3e43 | |
| parent | 8dd3a00af7e4764a248cf483de5832f91c38a958 (diff) | |
| download | chromium_src-bd2e63eed24e8c097be6ea3fb46aa354c638e88e.zip chromium_src-bd2e63eed24e8c097be6ea3fb46aa354c638e88e.tar.gz chromium_src-bd2e63eed24e8c097be6ea3fb46aa354c638e88e.tar.bz2 | |
Fix crashes while displaying large animated GIFs. Our old understanding of the memory model here was wrong. This moves to the Cairo way of doing things. (An alternative would be to change NativeImagePtr from a raw pointer to a ref-counting pointer, like the Mac does. This would ape the Mac API, which is perhaps more future-proof, at the cost of needless refcounting complexity [since SkBitmap internally refs its pixel data already].)
BUG=4298
Review URL: http://codereview.chromium.org/11580
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@5860 0039d316-1c4b-4281-b951-d872f2087c98
| -rw-r--r-- | webkit/port/platform/graphics/ImageSkia.cpp | 4 | ||||
| -rw-r--r-- | webkit/port/platform/graphics/ImageSourceSkia.cpp | 6 | ||||
| -rw-r--r-- | webkit/port/platform/image-decoders/ImageDecoder.h | 4 |
3 files changed, 10 insertions, 4 deletions
diff --git a/webkit/port/platform/graphics/ImageSkia.cpp b/webkit/port/platform/graphics/ImageSkia.cpp index 155b718..bdfb0f1 100644 --- a/webkit/port/platform/graphics/ImageSkia.cpp +++ b/webkit/port/platform/graphics/ImageSkia.cpp @@ -290,7 +290,9 @@ void TransformDimensions(const SkMatrix& matrix, void FrameData::clear() { - // The frame data is released in ImageSource::clear. + // ImageSource::createFrameAtIndex() allocated |m_frame| and passed + // ownership to BitmapImage; we must delete it here. + delete m_frame; m_frame = 0; // NOTE: We purposefully don't reset metadata here, so that even if we // throw away previously-decoded data, animation loops can still access diff --git a/webkit/port/platform/graphics/ImageSourceSkia.cpp b/webkit/port/platform/graphics/ImageSourceSkia.cpp index fda00ab..95a335d 100644 --- a/webkit/port/platform/graphics/ImageSourceSkia.cpp +++ b/webkit/port/platform/graphics/ImageSourceSkia.cpp @@ -172,7 +172,11 @@ NativeImagePtr ImageSource::createFrameAtIndex(size_t index) RGBA32Buffer* buffer = m_decoder->frameBufferAtIndex(index); if (!buffer || buffer->status() == RGBA32Buffer::FrameEmpty) return 0; - return reinterpret_cast<NativeImagePtr>(&buffer->bitmap()); + + // Copy the bitmap. The pixel data is refcounted internally by SkBitmap, so + // this doesn't cost much. This pointer will be owned by the BitmapImage + // and freed in FrameData::clear(). + return new NativeImageSkia(buffer->bitmap()); } bool ImageSource::frameIsCompleteAtIndex(size_t index) diff --git a/webkit/port/platform/image-decoders/ImageDecoder.h b/webkit/port/platform/image-decoders/ImageDecoder.h index 619f236..c4b6e20 100644 --- a/webkit/port/platform/image-decoders/ImageDecoder.h +++ b/webkit/port/platform/image-decoders/ImageDecoder.h @@ -138,8 +138,8 @@ public: } } - SkBitmap& bitmap() { return m_bitmapRef->bitmap(); } - const SkBitmap& bitmap() const { return m_bitmapRef->bitmap(); } + NativeImageSkia& bitmap() { return m_bitmapRef->bitmap(); } + const NativeImageSkia& bitmap() const { return m_bitmapRef->bitmap(); } // Must be called before any pixels are written. Will return true on // success, false if the memory allocation fails. |