From 98f91b82f95871aadf614ff64eae60673e0ac95c Mon Sep 17 00:00:00 2001 From: Jan de Mooij Date: Thu, 14 Jan 2016 15:19:16 +0100 Subject: [PATCH] Bug 1237201 part 2 - Handle Vector OOM in gfx/. r=jrmuizel,kats --- gfx/2d/Preferences.cpp | 6 ++-- gfx/2d/SFNTData.cpp | 4 ++- gfx/2d/SFNTNameTable.cpp | 24 ++++++++++------ gfx/layers/apz/src/AsyncPanZoomController.cpp | 28 +++++++++++-------- gfx/thebes/gfxUtils.cpp | 4 ++- 5 files changed, 43 insertions(+), 23 deletions(-) diff --git a/gfx/2d/Preferences.cpp b/gfx/2d/Preferences.cpp index 87a2a496efea..73904cbc7c84 100644 --- a/gfx/2d/Preferences.cpp +++ b/gfx/2d/Preferences.cpp @@ -31,7 +31,9 @@ int32_t PreferenceAccess::RegisterLivePref(const char* aName, int32_t* aVar, int32_t aDefault) { - Int32Prefs().append(Int32Pref{ aName, aVar }); + if (!Int32Prefs().append(Int32Pref{ aName, aVar })) { + MOZ_CRASH(); + } return aDefault; } @@ -57,4 +59,4 @@ PreferenceAccess::SetAccess(PreferenceAccess* aAccess) } } // namespace gfx -} // namespace mozilla \ No newline at end of file +} // namespace mozilla diff --git a/gfx/2d/SFNTData.cpp b/gfx/2d/SFNTData.cpp index 23c42331e102..1978577eb056 100644 --- a/gfx/2d/SFNTData.cpp +++ b/gfx/2d/SFNTData.cpp @@ -194,7 +194,9 @@ SFNTData::GetU16FullNames(Vector& aU16FullNames) if (mFonts[i]->GetU16FullName(name)) { fontFound = true; } - aU16FullNames.append(Move(name)); + if (!aU16FullNames.append(Move(name))) { + return false; + } } return fontFound; diff --git a/gfx/2d/SFNTNameTable.cpp b/gfx/2d/SFNTNameTable.cpp index 1977c273711f..082ccfa7f489 100644 --- a/gfx/2d/SFNTNameTable.cpp +++ b/gfx/2d/SFNTNameTable.cpp 
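Review bot: The bare `MOZ_CRASH();` added after the failed `Int32Prefs().append(...)` in RegisterLivePref carries no reason string, so an out-of-memory abort here looks like any other unannotated crash during triage. Passing a literal, for example `MOZ_CRASH("OOM appending to Int32Prefs");`, keeps the fail-closed behaviour and names the cause in the crash output. The same applies to the four `matchers->append` checks in gfx/2d/SFNTNameTable.cpp and the three `mDeferredTasks.append` checks in gfx/layers/apz/src/AsyncPanZoomController.cpp.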
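Review bot: Returning `false` when `aU16FullNames.append(Move(name))` fails makes an allocation failure indistinguishable from the existing "no font had a full name" result, and it leaves `aU16FullNames` with fewer entries than there are fonts. The callers are not visible here, but any caller that indexes the vector by font position after the call would presumably need to know it can now be short. A comment above the early return, for example `// OOM: aU16FullNames is incomplete; callers must not index it by font.`, or clearing the vector before returning, would make the contract explicit. The body of GetU16FullNames starts before this hunk.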
@@ -128,37 +128,45 @@ CreateCanonicalU16Matchers(const BigEndianUint16& aNameID) NameRecordMatchers *matchers = new NameRecordMatchers(); // First, look for the English name (this will normally succeed). - matchers->append( + if (!matchers->append( [=](const NameRecord *aNameRecord) { return aNameRecord->nameID == aNameID && aNameRecord->languageID == CANONICAL_LANG_ID && aNameRecord->platformID == PLATFORM_ID && IsUTF16Encoding(aNameRecord); - }); + })) { + MOZ_CRASH(); + } // Second, look for all languages. - matchers->append( + if (!matchers->append( [=](const NameRecord *aNameRecord) { return aNameRecord->nameID == aNameID && aNameRecord->platformID == PLATFORM_ID && IsUTF16Encoding(aNameRecord); - }); + })) { + MOZ_CRASH(); + } #if defined(XP_MACOSX) // On Mac may be dealing with font that only has Microsoft name entries. - matchers->append( + if (!matchers->append( [=](const NameRecord *aNameRecord) { return aNameRecord->nameID == aNameID && aNameRecord->languageID == LANG_ID_MICROSOFT_EN_US && aNameRecord->platformID == PLATFORM_ID_MICROSOFT && IsUTF16Encoding(aNameRecord); - }); - matchers->append( + })) { + MOZ_CRASH(); + } + if (!matchers->append( [=](const NameRecord *aNameRecord) { return aNameRecord->nameID == aNameID && aNameRecord->platformID == PLATFORM_ID_MICROSOFT && IsUTF16Encoding(aNameRecord); - }); + })) { + MOZ_CRASH(); + } #endif return matchers; diff --git a/gfx/layers/apz/src/AsyncPanZoomController.cpp b/gfx/layers/apz/src/AsyncPanZoomController.cpp index 2cbe23d8f513..bbd9a730fd58 100644 --- a/gfx/layers/apz/src/AsyncPanZoomController.cpp +++ b/gfx/layers/apz/src/AsyncPanZoomController.cpp 
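Review bot: The `if (!matchers->append(...)) { MOZ_CRASH(); }` wrapper is repeated four times in CreateCanonicalU16Matchers, which buries the matcher lambdas in error handling and leaves four separate abort sites. If NameRecordMatchers is a mozilla::Vector (its declaration is not in this hunk), a single checked `reserve` straight after the `new`, followed by `infallibleAppend` for each matcher, would leave one failure point and keep the lambdas readable. The count passed to `reserve` would have to differ under `XP_MACOSX`, where two more matchers are added.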
@@ -516,9 +516,11 @@ public: // while holding mMonitor, because otherwise, if the overscrolled APZC // is this one, then the SetState(NOTHING) in UpdateAnimation will // stomp on the SetState(SNAP_BACK) it does. - mDeferredTasks.append(NewRunnableMethod(mOverscrollHandoffChain.get(), - &OverscrollHandoffChain::SnapBackOverscrolledApzc, - &mApzc)); + if (!mDeferredTasks.append(NewRunnableMethod(mOverscrollHandoffChain.get(), + &OverscrollHandoffChain::SnapBackOverscrolledApzc, + &mApzc))) { + MOZ_CRASH(); + } return false; } @@ -567,11 +569,13 @@ public: // the lock ordering. Instead we schedule HandleFlingOverscroll() to be // called after mMonitor is released. APZC_LOG("%p fling went into overscroll, handing off with velocity %s\n", &mApzc, Stringify(velocity).c_str()); - mDeferredTasks.append(NewRunnableMethod(&mApzc, - &AsyncPanZoomController::HandleFlingOverscroll, - velocity, - mOverscrollHandoffChain, - mScrolledApzc)); + if (!mDeferredTasks.append(NewRunnableMethod(&mApzc, + &AsyncPanZoomController::HandleFlingOverscroll, + velocity, + mOverscrollHandoffChain, + mScrolledApzc))) { + MOZ_CRASH(); + } // If there is a remaining velocity on this APZC, continue this fling // as well. (This fling and the handed-off fling will run concurrently.) @@ -796,9 +800,11 @@ public: // HandleSmoothScrollOverscroll() (which acquires the tree lock) would violate // the lock ordering. Instead we schedule HandleSmoothScrollOverscroll() to be // called after mMonitor is released. - mDeferredTasks.append(NewRunnableMethod(&mApzc, - &AsyncPanZoomController::HandleSmoothScrollOverscroll, - velocity)); + if (!mDeferredTasks.append(NewRunnableMethod(&mApzc, + &AsyncPanZoomController::HandleSmoothScrollOverscroll, + velocity))) { + MOZ_CRASH(); + } return false; } diff --git a/gfx/thebes/gfxUtils.cpp b/gfx/thebes/gfxUtils.cpp index d166cf10aad7..7ba09f2ffa52 100644 --- a/gfx/thebes/gfxUtils.cpp +++ b/gfx/thebes/gfxUtils.cpp 
@@ -1197,7 +1197,9 @@ EncodeSourceSurfaceInternal(SourceSurface* aSurface, &numReadThisTime)) == NS_OK && numReadThisTime > 0) { // Update the length of the vector without overwriting the new data. - imgData.growByUninitialized(numReadThisTime); + if (!imgData.growByUninitialized(numReadThisTime)) { + return NS_ERROR_OUT_OF_MEMORY; + } imgSize += numReadThisTime; if (imgSize == bufSize) {
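Review bot: The new `NS_ERROR_OUT_OF_MEMORY` return in EncodeSourceSurfaceInternal sits after the read has already written `numReadThisTime` bytes into the vector's storage; the existing comment says the length is updated "without overwriting the new data". If `growByUninitialized` could really fail at this point, the write before it would presumably already have gone past the reserved capacity, so the check is only meaningful as a defensive guard. The reservation and the read call start outside this hunk, so this is inferred. A comment such as `// Should not fail: the read above is bounded by the capacity already reserved for imgData.` would document the invariant the loop relies on.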