Bug 1465775 - Fix crash in SourceBuffer::AppendFromInputStream due to incomplete read. r=tnikkel
authorAndrew Osmond <aosmond@mozilla.com>
Tue, 05 Jun 2018 06:49:24 -0400
changeset 478104 47f3020c6aa74044419beb15c1518c155f021a03
parent 478103 61714dbe02e1a8a990bef3d8a9751f293e2d0b3d
child 478105 e498ba8d51d8d2800cfe8a5656eac3a25384c8db
push id1757
push userffxbld-merge
push dateFri, 24 Aug 2018 17:02:43 +0000
treeherdermozilla-release@736023aebdb1 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewerstnikkel
bugs1465775
milestone62.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 1465775 - Fix crash in SourceBuffer::AppendFromInputStream due to incomplete read. r=tnikkel Crash reports indicate that SourceBuffer::mStatus is not set, and thus SourceBuffer::AppendFromInputStream crashes due to dereferencing an invalid Maybe<nsresult> object. Since SourceBuffer::Append cannot fail without mStatus being set (or already set), it must mean that the input stream failed to read all the data, and swallowed any internal errors. While we used to assert in this situation, we also silently swallowed the error historically. This patch will check mStatus, but if it is unavailable, it will assert like before, and silently return otherwise.
image/SourceBuffer.cpp
--- a/image/SourceBuffer.cpp
+++ b/image/SourceBuffer.cpp
@@ -512,22 +512,26 @@ SourceBuffer::AppendFromInputStream(nsII
   }
 
   if (bytesRead == 0) {
     // The loading of the image has been canceled.
     return NS_ERROR_FAILURE;
   }
 
   if (bytesRead != aCount) {
-    // Only some of the given data was read. We must have failed in
-    // SourceBuffer::Append but ReadSegments swallowed the error.
+    // Only some of the given data was read. We may have failed in
+    // SourceBuffer::Append but ReadSegments swallowed the error. Otherwise the
+    // stream itself failed to yield the data.
     MutexAutoLock lock(mMutex);
-    MOZ_ASSERT(mStatus);
-    MOZ_ASSERT(NS_FAILED(*mStatus));
-    return *mStatus;
+    if (mStatus) {
+      MOZ_ASSERT(NS_FAILED(*mStatus));
+      return *mStatus;
+    }
+
+    MOZ_ASSERT_UNREACHABLE("AppendToSourceBuffer should consume everything");
   }
 
   return rv;
 }
 
 void
 SourceBuffer::Complete(nsresult aStatus)
 {