From e3895fcd6cbbf29463c2332d79f8d81fd7414ac4 Mon Sep 17 00:00:00 2001
From: Ondrej Novak <ondrej.novak@firma.seznam.cz>
Date: Thu, 20 Nov 2014 10:59:58 +0100
Subject: [PATCH 1/3] BitmapImage::imageForDefaultFrame() doesn't check,
 whether frame can be decoded. Corrupted image can cause crash code is just
 hotfix

---
 Source/platform/graphics/BitmapImage.cpp | 14 ++++++++++----
 1 file changed, 10 insertions(+), 4 deletions(-)

diff --git a/Source/platform/graphics/BitmapImage.cpp b/Source/platform/graphics/BitmapImage.cpp
index a090db0c422..ee2ef9b2de5 100644
--- a/Source/platform/graphics/BitmapImage.cpp
+++ b/Source/platform/graphics/BitmapImage.cpp
@@ -335,8 +335,12 @@ bool BitmapImage::ensureFrameIsCached(size_t index)
     if (index >= frameCount())
         return false;
 
-    if (index >= m_frames.size() || !m_frames[index].m_frame)
-        cacheFrame(index);
+	if (index >= m_frames.size() || !m_frames[index].m_frame) {
+		cacheFrame(index);
+		if (index >= m_frames.size() || !m_frames[index].m_frame) {
+			return false;
+		}
+	}
     return true;
 }
 
@@ -368,8 +372,10 @@ PassRefPtr<NativeImageSkia> BitmapImage::nativeImageForCurrentFrame()
 
 PassRefPtr<Image> BitmapImage::imageForDefaultFrame()
 {
-    if (isBitmapImage() && maybeAnimated())
-        return BitmapImage::create(frameAtIndex(0));
+	if (isBitmapImage() && maybeAnimated()) {
+		RefPtr<NativeImageSkia> fr = frameAtIndex(0);
+		if (fr) return BitmapImage::create();
+	}
 
     return Image::imageForDefaultFrame();
 }

From e59a9d8c44c0973f3a25b72a44700f5b889a236a Mon Sep 17 00:00:00 2001
From: Ondrej Novak <ondrej.novak@firma.seznam.cz>
Date: Thu, 20 Nov 2014 11:48:04 +0100
Subject: [PATCH 2/3] fix of stupid mistake

---
 Source/platform/graphics/BitmapImage.cpp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Source/platform/graphics/BitmapImage.cpp b/Source/platform/graphics/BitmapImage.cpp
index ee2ef9b2de5..63e82abf4ad 100644
--- a/Source/platform/graphics/BitmapImage.cpp
+++ b/Source/platform/graphics/BitmapImage.cpp
@@ -374,7 +374,7 @@ PassRefPtr<Image> BitmapImage::imageForDefaultFrame()
 {
 	if (isBitmapImage() && maybeAnimated()) {
 		RefPtr<NativeImageSkia> fr = frameAtIndex(0);
-		if (fr) return BitmapImage::create();
+		if (fr) return BitmapImage::create(fr);
 	}
 
     return Image::imageForDefaultFrame();

From ba6b25dd134a058ed3215acc990140183bd76730 Mon Sep 17 00:00:00 2001
From: Ondrej Novak <ondrej.novak@firma.seznam.cz>
Date: Fri, 12 Dec 2014 12:59:41 +0100
Subject: [PATCH 3/3] isNwFakeTop called on null frame. HotFix prevents to
 crash

---
 Source/bindings/core/v8/custom/V8WindowCustom.cpp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Source/bindings/core/v8/custom/V8WindowCustom.cpp b/Source/bindings/core/v8/custom/V8WindowCustom.cpp
index c80fb48fbaa..55963fa102c 100644
--- a/Source/bindings/core/v8/custom/V8WindowCustom.cpp
+++ b/Source/bindings/core/v8/custom/V8WindowCustom.cpp
@@ -155,7 +155,7 @@ void V8Window::parentAttributeGetterCustom(const v8::PropertyCallbackInfo<v8::Va
     LocalDOMWindow* imp = V8Window::toNative(info.Holder());
     LocalFrame* frame = imp->frame();
     ASSERT(frame);
-    if (frame->isNwFakeTop()) {
+	if (frame && frame->isNwFakeTop()) {
       v8SetReturnValue(info, toV8(imp, info.Holder(), info.GetIsolate()));
       return;
     }