Bug 1237171 - Improve a case where ICO and BMP files disagree on an image size. r=tn, a=sylvestre
☠☠ backed out by 42b73d577158 ☠ ☠
authorNicholas Nethercote <nnethercote@mozilla.com>
Thu, 07 Jan 2016 16:18:22 -0800
changeset 305998 e03e0c167f4732373d1ce5569d38065c19aa5f98
parent 305997 486e6901c1d903047b9b55a1ca59978f07ac6cef
child 305999 56000c5e51e763a43f082a3c3825902bc7d07f02
push id1001
push userraliiev@mozilla.com
push dateMon, 18 Jan 2016 19:06:03 +0000
treeherdermozilla-release@8b89261f3ac4 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewerstn, sylvestre
bugs1237171
milestone44.0
Bug 1237171 - Improve a case where ICO and BMP files disagree on an image size. r=tn, a=sylvestre
image/decoders/nsBMPDecoder.cpp
--- a/image/decoders/nsBMPDecoder.cpp
+++ b/image/decoders/nsBMPDecoder.cpp
@@ -712,26 +712,39 @@ nsBMPDecoder::ReadColorTable(const char*
   }
   uint32_t gapLength = mH.mDataOffset - mPreGapLength;
   return Transition::To(State::GAP, gapLength);
 }
 
 LexerTransition<nsBMPDecoder::State>
 nsBMPDecoder::SkipGap()
 {
+  // If there are no pixels we can stop.
+  //
+  // XXX: normally, if there are no pixels we will have stopped decoding before
+  // now, outside of this decoder. However, if the BMP is within an ICO file,
+  // it's possible that the ICO claimed the image had a non-zero size while the
+  // BMP claims otherwise. This test is to catch that awkward case. If we ever
+  // come up with a more general solution to this ICO-and-BMP-disagree-on-size
+  // problem, this test can be removed.
+  if (mH.mWidth == 0 || mH.mHeight == 0) {
+    return Transition::TerminateSuccess();
+  }
+
   bool hasRLE = mH.mCompression == Compression::RLE8 ||
                 mH.mCompression == Compression::RLE4;
   return hasRLE
        ? Transition::To(State::RLE_SEGMENT, RLE::SEGMENT_LENGTH)
        : Transition::To(State::PIXEL_ROW, mPixelRowSize);
 }
 
 LexerTransition<nsBMPDecoder::State>
 nsBMPDecoder::ReadPixelRow(const char* aData)
 {
+  MOZ_ASSERT(mCurrentRow > 0);
   MOZ_ASSERT(mCurrentPos == 0);
 
   const uint8_t* src = reinterpret_cast<const uint8_t*>(aData);
   uint32_t* dst = RowBuffer();
   uint32_t lpos = mH.mWidth;
   switch (mH.mBpp) {
     case 1:
       while (lpos > 0) {