Bug 758200 - Zero out buffers when allocating new frames in GIF images. r=jlebar a=lsblakk
authorJoe Drew <joe@drew.ca>
Fri, 21 Sep 2012 18:32:47 -0400
changeset 109617 eaf3765dbed9e4f28798cb68696bf633531a5dad
parent 109616 c1c29d889d3ea221b27c10f073deb2d1083e60b3
child 109618 aa46c50b774730cc1d3c2090a4bde65e197b93ea
push id1579
push userjdrew@mozilla.com
push dateMon, 22 Oct 2012 18:53:02 +0000
treeherdermozilla-beta@aa46c50b7747 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersjlebar, lsblakk
bugs758200
milestone17.0
Bug 758200 - Zero out buffers when allocating new frames in GIF images. r=jlebar a=lsblakk
image/decoders/nsGIFDecoder2.cpp
--- a/image/decoders/nsGIFDecoder2.cpp
+++ b/image/decoders/nsGIFDecoder2.cpp
@@ -73,16 +73,17 @@ namespace image {
 //////////////////////////////////////////////////////////////////////
 // GIF Decoder Implementation
 
 nsGIFDecoder2::nsGIFDecoder2(RasterImage &aImage, imgIDecoderObserver* aObserver)
   : Decoder(aImage, aObserver)
   , mCurrentRow(-1)
   , mLastFlushedRow(-1)
   , mImageData(nullptr)
+  , mColormap(nullptr)
   , mOldColor(0)
   , mCurrentFrame(-1)
   , mCurrentPass(0)
   , mLastFlushedPass(0)
   , mGIFOpen(false)
   , mSawTransparency(false)
 {
   // Clear out the structure, excluding the arrays
@@ -182,27 +183,37 @@ nsresult nsGIFDecoder2::BeginImageFrame(
   // and include transparency to allow for optimization of opaque images
   if (mGIFStruct.images_decoded) {
     // Image data is stored with original depth and palette
     rv = mImage.EnsureFrame(mGIFStruct.images_decoded,
                             mGIFStruct.x_offset, mGIFStruct.y_offset,
                             mGIFStruct.width, mGIFStruct.height,
                             format, aDepth, &mImageData, &imageDataLength,
                             &mColormap, &mColormapSize);
+
+    // While EnsureFrame can reuse frames, we unconditionally increment
+    // mGIFStruct.images_decoded when we're done with a frame, so we both can
+    // and need to zero out the colormap and image data after every call to
+    // EnsureFrame.
+    if (NS_SUCCEEDED(rv) && mColormap) {
+      memset(mColormap, 0, mColormapSize);
+    }
   } else {
     // Regardless of depth of input, image is decoded into 24bit RGB
     rv = mImage.EnsureFrame(mGIFStruct.images_decoded,
                             mGIFStruct.x_offset, mGIFStruct.y_offset,
                             mGIFStruct.width, mGIFStruct.height,
                             format, &mImageData, &imageDataLength);
   }
 
   if (NS_FAILED(rv))
     return rv;
 
+  memset(mImageData, 0, imageDataLength);
+
   mImage.SetFrameDisposalMethod(mGIFStruct.images_decoded,
                                 mGIFStruct.disposal_method);
 
   // Tell the superclass we're starting a frame
   PostFrameStart();
 
   if (!mGIFStruct.images_decoded) {
     // Send a onetime invalidation for the first frame if it has a y-axis offset.