From 6032eaea9645a8570015b506729aea7b1e9918d0 Mon Sep 17 00:00:00 2001 From: "Brian R. Bondy" Date: Tue, 8 May 2012 08:38:43 -0400 Subject: [PATCH] Bug 750983 - ICO crash [mozilla::image::Decoder::Write]. r=joe --- image/decoders/nsICODecoder.cpp | 33 ++++++++++++++++++--------------- image/decoders/nsICODecoder.h | 4 ++++ 2 files changed, 22 insertions(+), 15 deletions(-) diff --git a/image/decoders/nsICODecoder.cpp b/image/decoders/nsICODecoder.cpp index 554c4c50d1bf..d6ac90d0f494 100644 --- a/image/decoders/nsICODecoder.cpp +++ b/image/decoders/nsICODecoder.cpp @@ -365,9 +365,7 @@ nsICODecoder::WriteInternal(const char* aBuffer, PRUint32 aCount) if (mIsPNG) { mContainedDecoder = new nsPNGDecoder(mImage, mObserver); mContainedDecoder->InitSharedDecoder(); - mContainedDecoder->Write(mSignature, PNGSIGNATURESIZE); - mDataError = mContainedDecoder->HasDataError(); - if (mContainedDecoder->HasDataError()) { + if (!WriteToContainedDecoder(mSignature, PNGSIGNATURESIZE)) { return; } } @@ -375,9 +373,7 @@ nsICODecoder::WriteInternal(const char* aBuffer, PRUint32 aCount) // If we have a PNG, let the PNG decoder do all of the rest of the work if (mIsPNG && mContainedDecoder && mPos >= mImageOffset + PNGSIGNATURESIZE) { - mContainedDecoder->Write(aBuffer, aCount); - mDataError = mContainedDecoder->HasDataError(); - if (mContainedDecoder->HasDataError()) { + if (!WriteToContainedDecoder(aBuffer, aCount)) { return; } mPos += aCount; @@ -445,9 +441,7 @@ nsICODecoder::WriteInternal(const char* aBuffer, PRUint32 aCount) PostDataError(); return; } - mContainedDecoder->Write((const char*)bfhBuffer, sizeof(bfhBuffer)); - mDataError = mContainedDecoder->HasDataError(); - if (mContainedDecoder->HasDataError()) { + if (!WriteToContainedDecoder((const char*)bfhBuffer, sizeof(bfhBuffer))) { return; } @@ -468,9 +462,7 @@ nsICODecoder::WriteInternal(const char* aBuffer, PRUint32 aCount) } // Write out the BMP's bitmap info header - mContainedDecoder->Write(mBIHraw, sizeof(mBIHraw)); - mDataError = mContainedDecoder->HasDataError(); - if (mContainedDecoder->HasDataError()) { + if (!WriteToContainedDecoder(mBIHraw, sizeof(mBIHraw))) { return; } @@ -515,9 +507,7 @@ nsICODecoder::WriteInternal(const char* aBuffer, PRUint32 aCount) toFeed = aCount; } - mContainedDecoder->Write(aBuffer, toFeed); - mDataError = mContainedDecoder->HasDataError(); - if (mContainedDecoder->HasDataError()) { + if (!WriteToContainedDecoder(aBuffer, toFeed)) { return; } @@ -592,6 +582,19 @@ nsICODecoder::WriteInternal(const char* aBuffer, PRUint32 aCount) } } +bool +nsICODecoder::WriteToContainedDecoder(const char* aBuffer, PRUint32 aCount) +{ + mContainedDecoder->Write(aBuffer, aCount); + if (mContainedDecoder->HasDataError()) { + mDataError = mContainedDecoder->HasDataError(); + } + if (mContainedDecoder->HasDecoderError()) { + PostDecoderError(mContainedDecoder->GetDecoderError()); + } + return !HasError(); +} + void nsICODecoder::ProcessDirEntry(IconDirEntry& aTarget) { diff --git a/image/decoders/nsICODecoder.h b/image/decoders/nsICODecoder.h index 5d0d04272db6..6e20da3a25a8 100644 --- a/image/decoders/nsICODecoder.h +++ b/image/decoders/nsICODecoder.h @@ -77,6 +77,10 @@ public: virtual void FinishInternal(); private: + // Writes to the contained decoder and sets the appropriate errors + // Returns true if there are no errors. + bool WriteToContainedDecoder(const char* aBuffer, PRUint32 aCount); + // Processes a single dir entry of the icon resource void ProcessDirEntry(IconDirEntry& aTarget); // Sets the hotspot property of if we have a cursor