Bug 847559 - Handle writes to a size-only JPEG decoder after we've gotten the size. r=seth
☠☠ backed out by 3d81fc67e6ed ☠ ☠
authorJoe Drew <joe@drew.ca>
Wed, 27 Feb 2013 14:23:08 -0500
changeset 123853 45d4f7b16c2fa5b9ed1dabe51a2b78156932b6d4
parent 123852 d0e6dacd812899f1b2548154aa4621fff2db8c66
child 123854 f29a926e2bdb97d236a5b5e55c19002ec79a6db5
push id1401
push userpastithas@mozilla.com
push dateThu, 07 Mar 2013 07:26:45 +0000
treeherderfx-team@ee4879719f78 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersseth
bugs847559
milestone22.0a1
Bug 847559 - Handle writes to a size-only JPEG decoder after we've gotten the size. r=seth
image/decoders/nsJPEGDecoder.cpp
--- a/image/decoders/nsJPEGDecoder.cpp
+++ b/image/decoders/nsJPEGDecoder.cpp
@@ -189,16 +189,21 @@ nsJPEGDecoder::FinishInternal()
 void
 nsJPEGDecoder::WriteInternal(const char *aBuffer, uint32_t aCount)
 {
   mSegment = (const JOCTET *)aBuffer;
   mSegmentLen = aCount;
 
   NS_ABORT_IF_FALSE(!HasError(), "Shouldn't call WriteInternal after error!");
 
+  if (IsSizeDecode() && HasSize()) {
+    // More data came in since we found the size. We have nothing to do here.
+    return;
+  }
+
   /* Return here if there is a fatal error within libjpeg. */
   nsresult error_code;
   // This cast to nsresult makes sense because setjmp() returns whatever we
   // passed to longjmp(), which was actually an nsresult.
   if ((error_code = (nsresult)setjmp(mErr.setjmp_buffer)) != NS_OK) {
     if (error_code == NS_ERROR_FAILURE) {
       PostDataError();
       /* Error due to corrupt stream - return NS_OK and consume silently