From 07f85bbcb94af8b9726a50ac1f0788d56805f5ff Mon Sep 17 00:00:00 2001
From: Kyle Huey
Date: Mon, 26 Jul 2010 12:36:20 -0700
Subject: [PATCH] Bug 573050: Properly initialize variables to avoid mallocing on bad data in the raw decoder. r=doublec

---
 content/media/raw/nsRawReader.cpp | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/content/media/raw/nsRawReader.cpp b/content/media/raw/nsRawReader.cpp
index d9e1243ca197..c1da97b96f4c 100644
--- a/content/media/raw/nsRawReader.cpp
+++ b/content/media/raw/nsRawReader.cpp
@@ -47,7 +47,7 @@

 nsRawReader::nsRawReader(nsBuiltinDecoder* aDecoder)
 : nsBuiltinDecoderReader(aDecoder),
- mCurrentFrame(0)
+ mCurrentFrame(0), mFrameSize(0)
 {
 MOZ_COUNT_CTOR(nsRawReader);
 }
@@ -174,6 +174,9 @@ PRBool nsRawReader::DecodeVideoFrame(PRBool &aKeyframeSkip,
 NS_ASSERTION(mDecoder->OnStateMachineThread() || mDecoder->OnDecodeThread(),
 "Should be on state machine thread or decode thread.");

+ if (!mFrameSize)
+ return PR_FALSE; // Metadata read failed. We should refuse to play.
+
 PRInt64 currentFrameTime = 1000 * mCurrentFrame / mFrameRate;
 PRUint32 length = mFrameSize - sizeof(nsRawPacketHeader);
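Review bot: In the constructor's initializer list only mCurrentFrame and mFrameSize receive a defined value, while mFrameRate, which DecodeVideoFrame divides by in the second hunk, is not initialized anywhere the diff shows. The class declaration is outside this patch, so this may already be handled, but every member that the metadata read is expected to fill in should start from a known value, so a failed or partial read cannot leave stale memory behind the mFrameSize check. As a style point, the file puts one initializer per line, so `mFrameSize(0)` reads better on its own line after `mCurrentFrame(0),`. A short comment such as `// 0 means metadata has not been read successfully` would document the sentinel that the new guard relies on.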
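Review bot: The new guard `if (!mFrameSize)` in DecodeVideoFrame rejects only zero, so a non-zero mFrameSize smaller than the packet header still reaches `PRUint32 length = mFrameSize - sizeof(nsRawPacketHeader);`, where the unsigned subtraction wraps to a very large length. Because the value comes from file metadata, the check should compare against the header size, for example `if (mFrameSize < sizeof(nsRawPacketHeader)) return PR_FALSE;`, which also covers the zero case. The division by mFrameRate on the following line depends on the same metadata; if mFrameRate is an integer type (not visible here), a zero value needs rejecting as well. The body of DecodeVideoFrame starts and continues outside this hunk, so the allocation and read that consume `length` could not be checked.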