From 3a8b4ad00ad6cffba1129fcb23c926a7a924cbfa Mon Sep 17 00:00:00 2001
From: Moonchild <moonchild@palemoon.org>
Date: Tue, 26 Jan 2021 11:49:35 +0000
Subject: Fix rooting hazard in ImageBitmap::CreateInternal by avoiding movable
 data.

---
 dom/canvas/ImageBitmap.cpp | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/dom/canvas/ImageBitmap.cpp b/dom/canvas/ImageBitmap.cpp
index e4b145d46..bb47618a6 100644
--- a/dom/canvas/ImageBitmap.cpp
+++ b/dom/canvas/ImageBitmap.cpp
@@ -952,13 +952,17 @@ ImageBitmap::CreateInternal(nsIGlobalObject* aGlobal, ImageData& aImageData,
 
   // Create and Crop the raw data into a layers::Image
   RefPtr<layers::Image> data;
+
+  // The data could move during a GC; copy it out into a local buffer.
+  uint8_t* fixedData = array.Data();
+
   if (NS_IsMainThread()) {
     data = CreateImageFromRawData(imageSize, imageStride, FORMAT,
-                                  array.Data(), dataLength,
+                                  fixedData, dataLength,
                                   aCropRect);
   } else {
     RefPtr<CreateImageFromRawDataInMainThreadSyncTask> task
-      = new CreateImageFromRawDataInMainThreadSyncTask(array.Data(),
+      = new CreateImageFromRawDataInMainThreadSyncTask(fixedData,
                                                        dataLength,
                                                        imageStride,
                                                        FORMAT,
-- 
cgit v1.2.3