Last Comment Bug 293986 - OOM crash [@ nsJPEGDecoder::WriteFrom, fill_input_buffer]
: OOM crash [@ nsJPEGDecoder::WriteFrom, fill_input_buffer]
: crash
Product: Core
Classification: Components
Component: ImageLib (show other bugs)
: Trunk
: All All
-- critical (vote)
: ---
Assigned To: Andrew Schultz
: Milan Sreckovic [:milan]
Depends on:
  Show dependency treegraph
Reported: 2005-05-12 23:44 PDT by Daniel de Wildt
Modified: 2007-04-27 17:38 PDT (History)
12 users (show)
vladimir: blocking1.9+
jwalden+bmo: in‑testsuite-
See Also:
Crash Signature:
QA Whiteboard:
Iteration: ---
Points: ---
Has Regression Range: ---
Has STR: ---

patch (3.82 KB, patch)
2005-05-30 22:20 PDT, Andrew Schultz
no flags Details | Diff | Splinter Review
un-bitrotted patch (2.95 KB, patch)
2007-04-05 23:36 PDT, Andrew Schultz
pavlov: review+
tor: superreview+
Details | Diff | Splinter Review

Description User image Daniel de Wildt 2005-05-12 23:44:25 PDT
User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.7.8) Gecko/20050511 Firefox/1.0.4
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.7.8) Gecko/20050511 Firefox/1.0.4

At three locations is memory (re)allocated, but the results are not checked for
out of memory.

Reproducible: Always

Steps to Reproduce:
Comment 1 User image timeless 2005-05-12 23:58:53 PDT
it should be noted that doing:
198                   mBuffer = (JOCTET *)PR_Realloc(mBuffer, count);
is almost always wrong, because if realloc fails, not only do you have a null
mBuffer, but you've leaked the old mBuffer.
Comment 2 User image Andrew Schultz 2005-05-30 22:20:40 PDT
Created attachment 184902 [details] [diff] [review]

this fixes the OOMs and enables a working (if not ugly) version of the OOM
handler in fill_input_buffer.
Comment 3 User image Vladimir Vukicevic [:vlad] [:vladv] 2007-04-03 14:20:50 PDT
Does the patch still apply?
Comment 4 User image Martijn Wargers [:mwargers] 2007-04-03 14:57:33 PDT
No, unfortunately, there is a hunk that doesn't apply anymore. Not sure how to fix that.
Andrew, are you perhaps able to update the patch?
Comment 5 User image Andrew Schultz 2007-04-05 23:36:05 PDT
Created attachment 260803 [details] [diff] [review]
un-bitrotted patch
Comment 6 User image Vladimir Vukicevic [:vlad] [:vladv] 2007-04-09 11:45:26 PDT
Comment on attachment 260803 [details] [diff] [review]
un-bitrotted patch

Review -> stuart
Comment 7 User image Alfred Kayser 2007-04-27 05:30:35 PDT
This has all the reviews, so it can be checked in?
Comment 8 User image Martijn Wargers [:mwargers] 2007-04-27 06:13:36 PDT
I went ahead and checked this in (although I think that Andrew has checkin privs).

Checking in nsJPEGDecoder.cpp;
/cvsroot/mozilla/modules/libpr0n/decoders/jpeg/nsJPEGDecoder.cpp,v  <--  nsJPEGD
new revision: 1.71; previous revision: 1.70

Note You need to log in before you can comment on or make changes to this bug.