Closed Bug 1545567 Opened 5 years ago Closed 5 years ago

Passing a non-buffered input stream to ImageOps::CreateImageBuffer crashes.

Categories

(Core :: Graphics: ImageLib, defect, P3)

Product:
Core
Component:
Graphics: ImageLib
Type:
defect

Tracking

()

Status:
RESOLVED FIXED
Milestone:
mozilla68
Tracking Flags:
Tracking Status
firefox67 --- wontfix
firefox68 --- fixed

People

(Reporter: mossop, Assigned: aosmond)

References

Details

Attachments

(1 file)

Bug 1545567 - Ensure ImageOps decode methods can handle unbuffered input streams properly.
47 bytes, text/x-phabricator-request
Details | Review

https://searchfox.org/mozilla-central/source/image/ImageOps.cpp#106

As far as I can tell if the inputStream is not buffered we wrap it in a new buffered stream (dropping ownership of inputStream in the process), then do nothing with the new stream and later try to use inputStream which is now null.

Bugbug thinks this bug is a task, but please change it back in case of error.

Type: defect → task
Type: task → defect
Component: DOM: Core & HTML → ImageLib

Nice catch. Since there are no crash reports for this, it suggests the streams we get are always buffered, so no need to uplift.

Assignee: nobody → aosmond
Status: NEW → ASSIGNED
status-firefox67: --- → wontfix
status-firefox68: --- → affected
Priority: -- → P3
Pushed by aosmond@gmail.com:
https://hg.mozilla.org/integration/mozilla-inbound/rev/497afde99626
Ensure ImageOps decode methods can handle unbuffered input streams properly. r=baku

https://hg.mozilla.org/mozilla-central/rev/497afde99626

Status: ASSIGNED → RESOLVED
Closed: 5 years ago
status-firefox68: affectedfixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla68
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: