Bug 1330273 - Add some security checks about the use of the string buffer in FileReader, r=bkelly
authorAndrea Marchesini <amarchesini@mozilla.com>
Thu, 12 Jan 2017 17:45:52 +0100
changeset 374156 d31883e2369a1123a2c8bd876cf9613cd42e15ab
parent 374155 8fe52da5cb90209689b41879843ba93f6acda884
child 374157 61d2cbe7cd8c35643abf46bf4c5a66fc575c96b2
push id6996
push userjlorenzo@mozilla.com
push dateMon, 06 Mar 2017 20:48:21 +0000
reviewersbkelly
bugs1330273
milestone53.0a1
Bug 1330273 - Add some security checks about the use of the string buffer in FileReader, r=bkelly
dom/file/FileReader.cpp
--- a/dom/file/FileReader.cpp
+++ b/dom/file/FileReader.cpp
@@ -328,16 +328,17 @@ FileReader::DoReadData(uint64_t aCount)
     }
 
     if (mDataFormat != FILE_AS_ARRAYBUFFER) {
       mFileData = (char *) realloc(mFileData, mDataLen + aCount);
       NS_ENSURE_TRUE(mFileData, NS_ERROR_OUT_OF_MEMORY);
     }
 
     uint32_t bytesRead = 0;
+    MOZ_DIAGNOSTIC_ASSERT(mFileData);
     mAsyncStream->Read(mFileData + mDataLen, aCount, &bytesRead);
     MOZ_ASSERT(bytesRead == aCount, "failed to read data");
   }
 
   mDataLen += aCount;
   return NS_OK;
 }
 
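Review bot: At the `mAsyncStream->Read(...)` call, the return value is discarded and the `bytesRead == aCount` check is only a `MOZ_ASSERT`, which is compiled out of release builds. A short or failed read is therefore still followed by `mDataLen += aCount`, leaving the tail of the freshly realloc'd buffer unwritten but counted as file data. The added `MOZ_DIAGNOSTIC_ASSERT(mFileData)` is likewise inactive in final release builds, so neither condition is enforced there. I would make the read a runtime check: `nsresult rv = mAsyncStream->Read(mFileData + mDataLen, aCount, &bytesRead);` followed by `if (NS_WARN_IF(NS_FAILED(rv)) || NS_WARN_IF(bytesRead != aCount)) { return NS_ERROR_FAILURE; }`. DoReadData starts outside the hunk, so any bounds check on `mDataLen + aCount` ahead of the `realloc` cannot be confirmed from here.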
@@ -726,24 +727,26 @@ FileReader::Notify(Status aStatus)
   }
 
   return true;
 }
 
 void
 FileReader::Shutdown()
 {
-  FreeFileData();
-  mResultArrayBuffer = nullptr;
+  mReadyState = DONE;
 
   if (mAsyncStream) {
     mAsyncStream->Close();
     mAsyncStream = nullptr;
   }
 
+  FreeFileData();
+  mResultArrayBuffer = nullptr;
+
   if (mWorkerPrivate && mBusyCount != 0) {
     ReleaseWorker();
     mWorkerPrivate = nullptr;
     mBusyCount = 0;
   }
 }
 
 } // dom namespace
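Review bot: The new ordering in `FileReader::Shutdown()` (set `mReadyState = DONE`, close the stream, only then `FreeFileData()`) looks load-bearing but has no comment, so a later cleanup could move the free back above `mAsyncStream->Close()`. I would add a comment above `mReadyState = DONE;`, for example `// Mark the reader DONE and close the stream before freeing mFileData, so a pending stream callback cannot read into a freed buffer.` That rationale is presumed from the reordering. Whether the stream callbacks check `mReadyState`, and whether `FreeFileData()` also nulls `mFileData` and resets `mDataLen`, is not visible in this hunk and should be confirmed. The `MOZ_DIAGNOSTIC_ASSERT(mFileData)` added in DoReadData only catches a read after shutdown if the pointer is actually cleared.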