Bug 1641578: Avoid crashing when Recorded surface or font storage fail to allocate. r=jrmuizel
authorBob Owen <bobowencode@gmail.com>
Thu, 28 May 2020 18:05:53 +0000
changeset 596592 8e81ac79b2ba1dcb9d08d8ba2098a59900cc03f1
parent 596591 b11a4969f535171c1e416fa79ef2626f766fd542
child 596593 68cf56d38bb44a2bf741e5169a00776ba359b24a
push id13186
push userffxbld-merge
push dateMon, 01 Jun 2020 09:52:46 +0000
treeherdermozilla-beta@3e7c70a1e4a1 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersjrmuizel
bugs1641578
milestone78.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 1641578: Avoid crashing when Recorded surface or font storage fail to allocate. r=jrmuizel Differential Revision: https://phabricator.services.mozilla.com/D77271
gfx/2d/RecordedEventImpl.h
--- a/gfx/2d/RecordedEventImpl.h
+++ b/gfx/2d/RecordedEventImpl.h
@@ -3063,16 +3063,17 @@ RecordedSourceSurfaceCreation::RecordedS
   }
 
   size_t size = mSize.width * mSize.height * BytesPerPixel(mFormat);
   mData = new (fallible) uint8_t[size];
   if (!mData) {
     gfxCriticalNote
         << "RecordedSourceSurfaceCreation failed to allocate data of size "
         << size;
+    aStream.SetIsBad();
   } else {
     aStream.read((char*)mData, size);
   }
 }
 
 inline void RecordedSourceSurfaceCreation::OutputSimpleEventInfo(
     std::stringstream& aStringStream) const {
   aStringStream << "[" << mRefPtr
@@ -3420,18 +3421,22 @@ inline bool RecordedFontData::PlayEvent(
 }
 
 template <class S>
 void RecordedFontData::Record(S& aStream) const {
   MOZ_ASSERT(mGetFontFileDataSucceeded);
 
   WriteElement(aStream, mType);
   WriteElement(aStream, mFontDetails.fontDataKey);
-  WriteElement(aStream, mFontDetails.size);
-  aStream.write((const char*)mData, mFontDetails.size);
+  if (!mData) {
+    WriteElement(aStream, 0);
+  } else {
+    WriteElement(aStream, mFontDetails.size);
+    aStream.write((const char*)mData, mFontDetails.size);
+  }
 }
 
 inline void RecordedFontData::OutputSimpleEventInfo(
     std::stringstream& aStringStream) const {
   aStringStream << "Font Data of size " << mFontDetails.size;
 }
 
 inline void RecordedFontData::SetFontData(const uint8_t* aData, uint32_t aSize,
@@ -3461,25 +3466,26 @@ inline bool RecordedFontData::GetFontDet
 }
 
 template <class S>
 RecordedFontData::RecordedFontData(S& aStream)
     : RecordedEventDerived(FONTDATA), mType(FontType::UNKNOWN), mData(nullptr) {
   ReadElementConstrained(aStream, mType, FontType::DWRITE, FontType::UNKNOWN);
   ReadElement(aStream, mFontDetails.fontDataKey);
   ReadElement(aStream, mFontDetails.size);
-  if (!aStream.good()) {
+  if (!mFontDetails.size || !aStream.good()) {
     return;
   }
 
   mData = new (fallible) uint8_t[mFontDetails.size];
   if (!mData) {
     gfxCriticalNote
         << "RecordedFontData failed to allocate data for playback of size "
         << mFontDetails.size;
+    aStream.SetIsBad();
   } else {
     aStream.read((char*)mData, mFontDetails.size);
   }
 }
 
 inline RecordedFontDescriptor::~RecordedFontDescriptor() = default;
 
 inline bool RecordedFontDescriptor::PlayEvent(Translator* aTranslator) const {