Closed Bug 1545567 Opened 7 months ago Closed 7 months ago

Passing a non-buffered input stream to ImageOps::CreateImageBuffer crashes.

Categories

(Core :: ImageLib, defect, P3)

defect

Tracking

()

RESOLVED FIXED
mozilla68
Tracking Status
firefox67 --- wontfix
firefox68 --- fixed

People

(Reporter: mossop, Assigned: aosmond)

References

Details

Attachments

(1 file)

https://searchfox.org/mozilla-central/source/image/ImageOps.cpp#106

As far as I can tell if the inputStream is not buffered we wrap it in a new buffered stream (dropping ownership of inputStream in the process), then do nothing with the new stream and later try to use inputStream which is now null.

Bugbug thinks this bug is a task, but please change it back in case of error.

Type: defect → task
Type: task → defect
Component: DOM: Core & HTML → ImageLib

Nice catch. Since there are no crash reports for this, it suggests the streams we get are always buffered, so no need to uplift.

Assignee: nobody → aosmond
Status: NEW → ASSIGNED
Priority: -- → P3
Pushed by aosmond@gmail.com:
https://hg.mozilla.org/integration/mozilla-inbound/rev/497afde99626
Ensure ImageOps decode methods can handle unbuffered input streams properly. r=baku
Status: ASSIGNED → RESOLVED
Closed: 7 months ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla68
You need to log in before you can comment on or make changes to this bug.