User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.7.8) Gecko/20050511 Firefox/1.0.4
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.7.8) Gecko/20050511 Firefox/1.0.4
At three locations memory is (re)allocated, but the results are not checked for out of memory.
Reproducible: Always
Steps to Reproduce:
It should be noted that doing:
    mBuffer = (JOCTET *)PR_Realloc(mBuffer, count);
is almost always wrong, because if realloc fails, not only do you have a null mBuffer, but you've leaked the old mBuffer.
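The failure mode described in the comment above, as an added example that is not part of the original bug report or the Mozilla source. It uses the standard C `realloc` signature rather than `PR_Realloc`, and every name in it (`struct buf`, `grow_unchecked`, `grow_checked`, `failing_realloc`, `survives_oom`) is hypothetical; the allocator that always fails is constructed to simulate out of memory.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical names throughout; this is not the nsJPEGDecoder code. */
typedef void *(*realloc_fn)(void *, size_t);

/* Constructed allocator that always reports out of memory. */
static void *failing_realloc(void *p, size_t n) { (void)p; (void)n; return NULL; }

struct buf { unsigned char *data; size_t cap; };

/* Pattern from the comment: on failure the only pointer to the old
 * block is overwritten with NULL, so the block leaks and any later
 * write through b->data dereferences NULL. */
static int grow_unchecked(struct buf *b, size_t n, realloc_fn ra) {
    b->data = ra(b->data, n);
    b->cap = n;               /* capacity now describes a NULL buffer */
    return 0;
}

/* Checked form: commit pointer and capacity only after success. */
static int grow_checked(struct buf *b, size_t n, realloc_fn ra) {
    unsigned char *tmp = ra(b->data, n);
    if (tmp == NULL)
        return -1;            /* b->data and b->cap are still valid */
    b->data = tmp;
    b->cap = n;
    return 0;
}

/* Returns 1 if the buffer survived a failed grow intact, else 0. */
static int survives_oom(int (*grow)(struct buf *, size_t, realloc_fn)) {
    struct buf b = { malloc(4), 4 };
    if (b.data == NULL) return 0;
    unsigned char *old = b.data;      /* kept so the demo can free it */
    memcpy(b.data, "JPEG", 4);
    grow(&b, 4096, failing_realloc);
    int ok = b.data == old && b.cap == 4 && memcmp(b.data, "JPEG", 4) == 0;
    free(old);
    return ok;
}

int main(void) {
    return (survives_oom(grow_checked) && !survives_oom(grow_unchecked)) ? 0 : 1;
}
```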
Created attachment 184902: patch
This fixes the OOMs and enables a working (if not ugly) version of the OOM handler in fill_input_buffer.
Does the patch still apply?
No, unfortunately, there is a hunk that doesn't apply anymore. Not sure how to fix that. Andrew, are you perhaps able to update the patch?
Created attachment 260803: un-bitrotted patch
Comment on attachment 260803: un-bitrotted patch
Review -> stuart
This has all the reviews, so it can be checked in?
I went ahead and checked this in (although I think that Andrew has checkin privs).
    Checking in nsJPEGDecoder.cpp;
    /cvsroot/mozilla/modules/libpr0n/decoders/jpeg/nsJPEGDecoder.cpp,v  <--  nsJPEGDecoder.cpp
    new revision: 1.71; previous revision: 1.70
    done