Bug 1330273 - Add some security checks about the use of the string buffer in FileReader. r=bkelly, a=lizzard
authorAndrea Marchesini <amarchesini@mozilla.com>
Thu, 12 Jan 2017 17:45:52 +0100
changeset 462203 ce1b91e82c558f86ec4bbc3047f913a0e7b5e5bb
parent 462202 251731790dc1dc0070ad9d82e9f36feff501ea3d
child 462204 9f142b02bdacd15df43841a5026e72613138c4aa
push id41678
push userfelipc@gmail.com
push dateMon, 16 Jan 2017 20:19:38 +0000
reviewersbkelly, lizzard
bugs1330273
milestone51.0
Bug 1330273 - Add some security checks about the use of the string buffer in FileReader. r=bkelly, a=lizzard
dom/base/FileReader.cpp
--- a/dom/base/FileReader.cpp
+++ b/dom/base/FileReader.cpp
@@ -328,16 +328,17 @@ FileReader::DoReadData(uint64_t aCount)
     }
 
     if (mDataFormat != FILE_AS_ARRAYBUFFER) {
       mFileData = (char *) realloc(mFileData, mDataLen + aCount);
       NS_ENSURE_TRUE(mFileData, NS_ERROR_OUT_OF_MEMORY);
     }
 
     uint32_t bytesRead = 0;
+    MOZ_DIAGNOSTIC_ASSERT(mFileData);
     mAsyncStream->Read(mFileData + mDataLen, aCount, &bytesRead);
     NS_ASSERTION(bytesRead == aCount, "failed to read data");
   }
 
   mDataLen += aCount;
   return NS_OK;
 }
 
@@ -729,24 +730,26 @@ FileReader::Notify(Status aStatus)
   }
 
   return true;
 }
 
 void
 FileReader::Shutdown()
 {
-  FreeFileData();
-  mResultArrayBuffer = nullptr;
+  mReadyState = DONE;
 
   if (mAsyncStream) {
     mAsyncStream->Close();
     mAsyncStream = nullptr;
   }
 
+  FreeFileData();
+  mResultArrayBuffer = nullptr;
+
   if (mWorkerPrivate && mBusyCount != 0) {
     ReleaseWorker();
     mWorkerPrivate = nullptr;
     mBusyCount = 0;
   }
 }
 
 } // dom namespace