summaryrefslogtreecommitdiffstats
path: root/image/decoders/nsWebPDecoder.cpp
diff options
context:
space:
mode:
authorwolfbeast <mcwerewolf@wolfbeast.com>2019-01-21 15:47:44 +0100
committerwolfbeast <mcwerewolf@wolfbeast.com>2019-01-21 15:56:16 +0100
commit8dd8df90b968ec9429bffd1dd8ae0299531a47d4 (patch)
tree7726d8b28355eb180517a391519f0dd9b5ed6ad3 /image/decoders/nsWebPDecoder.cpp
parent87bef3e99e30c47435b7dff37c098c9d99965d22 (diff)
downloadUXP-8dd8df90b968ec9429bffd1dd8ae0299531a47d4.tar
UXP-8dd8df90b968ec9429bffd1dd8ae0299531a47d4.tar.gz
UXP-8dd8df90b968ec9429bffd1dd8ae0299531a47d4.tar.lz
UXP-8dd8df90b968ec9429bffd1dd8ae0299531a47d4.tar.xz
UXP-8dd8df90b968ec9429bffd1dd8ae0299531a47d4.zip
Check for contiguous buffer state.
When we are reading large image data (i.e.: people using webp to stream video instead of the native webm format; I'm looking at you, Giphy!) we can run into the situation where the available data is not in a contiguous buffer, and we need to either buffer additional data or re-buffer from the start. If we don't do this, we can run into issues because of buffer over-reading (causing corrupted data if allocated or more likely crashes if not allocated). Re-buffering is expensive, but this should be rare and limited to dealing with unintended use for animated image formats. This resolves #940.
Diffstat (limited to 'image/decoders/nsWebPDecoder.cpp')
-rw-r--r--image/decoders/nsWebPDecoder.cpp4
1 files changed, 4 insertions, 0 deletions
diff --git a/image/decoders/nsWebPDecoder.cpp b/image/decoders/nsWebPDecoder.cpp
index 4f3cc8b2a..3181e3a3a 100644
--- a/image/decoders/nsWebPDecoder.cpp
+++ b/image/decoders/nsWebPDecoder.cpp
@@ -144,6 +144,10 @@ nsWebPDecoder::UpdateBuffer(SourceBufferIterator& aIterator,
switch (aState) {
case SourceBufferIterator::READY:
+ if(!aIterator.IsContiguous()) {
+ //We need to buffer. This should be rare, but expensive.
+ break;
+ }
if (!mData) {
// For as long as we hold onto an iterator, we know the data pointers
// to the chunks cannot change underneath us, so save the pointer to