From 8dd8df90b968ec9429bffd1dd8ae0299531a47d4 Mon Sep 17 00:00:00 2001
From: wolfbeast
Date: Mon, 21 Jan 2019 15:47:44 +0100
Subject: Check for contiguous buffer state.

When we are reading large image data (i.e.: people using webp to stream video instead of the native webm format; I'm looking at you, Giphy!) we can run into the situation where the available data is not in a contiguous buffer, and we need to either buffer additional data or re-buffer from the start. If we don't do this, we can run into issues because of buffer over-reading (causing corrupted data if allocated or more likely crashes if not allocated). Re-buffering is expensive, but this should be rare and limited to dealing with unintended use for animated image formats. This resolves #940.
---
 image/decoders/nsWebPDecoder.cpp | 4 ++++
 1 file changed, 4 insertions(+)
(limited to 'image/decoders')
diff --git a/image/decoders/nsWebPDecoder.cpp b/image/decoders/nsWebPDecoder.cpp
index 4f3cc8b2a..3181e3a3a 100644
--- a/image/decoders/nsWebPDecoder.cpp
+++ b/image/decoders/nsWebPDecoder.cpp
@@ -144,6 +144,10 @@ nsWebPDecoder::UpdateBuffer(SourceBufferIterator& aIterator,
 switch (aState) {
 case SourceBufferIterator::READY:
+ if(!aIterator.IsContiguous()) {
+ //We need to buffer. This should be rare, but expensive.
+ break;
+ }
 if (!mData) {
 // For as long as we hold onto an iterator, we know the data pointers
 // to the chunks cannot change underneath us, so save the pointer to
-- 
cgit v1.2.3
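Review bot: The comment on the new `IsContiguous()` guard in the READY case does not say why the early `break` is required, so the over-read risk explained in the commit message is lost to anyone reading the file. I would word it as `// Available data is not in one contiguous buffer; reading it through the saved mData pointer would over-read, so leave the switch and buffer instead.` and match the surrounding style with `if (!aIterator.IsContiguous()) {`. The fix depends entirely on the code reached after the `break`, which is outside this hunk. It is worth confirming there that the data is copied before the saved pointer and length are used again. UpdateBuffer's body starts before and ends after the hunk.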