Bug 758200 - Zero out buffers when allocating new frames in GIF images. r=jlebar
authorJoe Drew <joe@drew.ca>
Fri, 21 Sep 2012 18:32:47 -0400
changeset 107881 e36ba60ece12c789f2fae22546a399543afa3c02
parent 107880 046968d6f256d9f332cd6cac7afb3c632b853c9f
child 107882 e776f05c4f80441039eb04104899579fc6660a5f
push id82
push usershu@rfrn.org
push dateFri, 05 Oct 2012 13:20:22 +0000
reviewersjlebar
bugs758200
milestone18.0a1
Bug 758200 - Zero out buffers when allocating new frames in GIF images. r=jlebar
image/decoders/nsGIFDecoder2.cpp
--- a/image/decoders/nsGIFDecoder2.cpp
+++ b/image/decoders/nsGIFDecoder2.cpp
@@ -73,16 +73,17 @@ namespace image {
 //////////////////////////////////////////////////////////////////////
 // GIF Decoder Implementation
 
 nsGIFDecoder2::nsGIFDecoder2(RasterImage &aImage, imgIDecoderObserver* aObserver)
   : Decoder(aImage, aObserver)
   , mCurrentRow(-1)
   , mLastFlushedRow(-1)
   , mImageData(nullptr)
+  , mColormap(nullptr)
   , mOldColor(0)
   , mCurrentFrame(-1)
   , mCurrentPass(0)
   , mLastFlushedPass(0)
   , mGIFOpen(false)
   , mSawTransparency(false)
 {
   // Clear out the structure, excluding the arrays
@@ -182,27 +183,37 @@ nsresult nsGIFDecoder2::BeginImageFrame(
   // and include transparency to allow for optimization of opaque images
   if (mGIFStruct.images_decoded) {
     // Image data is stored with original depth and palette
     rv = mImage.EnsureFrame(mGIFStruct.images_decoded,
                             mGIFStruct.x_offset, mGIFStruct.y_offset,
                             mGIFStruct.width, mGIFStruct.height,
                             format, aDepth, &mImageData, &imageDataLength,
                             &mColormap, &mColormapSize);
+
+    // While EnsureFrame can reuse frames, we unconditionally increment
+    // mGIFStruct.images_decoded when we're done with a frame, so we both can
+    // and need to zero out the colormap and image data after every call to
+    // EnsureFrame.
+    if (NS_SUCCEEDED(rv) && mColormap) {
+      memset(mColormap, 0, mColormapSize);
+    }
   } else {
     // Regardless of depth of input, image is decoded into 24bit RGB
     rv = mImage.EnsureFrame(mGIFStruct.images_decoded,
                             mGIFStruct.x_offset, mGIFStruct.y_offset,
                             mGIFStruct.width, mGIFStruct.height,
                             format, &mImageData, &imageDataLength);
   }
 
   if (NS_FAILED(rv))
     return rv;
 
+  memset(mImageData, 0, imageDataLength);
+
   mImage.SetFrameDisposalMethod(mGIFStruct.images_decoded,
                                 mGIFStruct.disposal_method);
 
   // Tell the superclass we're starting a frame
   PostFrameStart();
 
   if (!mGIFStruct.images_decoded) {
     // Send a onetime invalidation for the first frame if it has a y-axis offset.