Bug 1452467 - Make native font resource memory allocations fallible. r=lsalzman

gfx/2d/NativeFontResourceDWrite.cpp

@@ -12,6 +12,7 @@
 #include "Logging.h"
 #include "mozilla/RefPtr.h"
 #include "mozilla/StaticMutex.h"
+#include "nsTArray.h"
 
 namespace mozilla {
 namespace gfx {
@@ -84,6 +85,8 @@ private:
 class DWriteFontFileStream final : public IDWriteFontFileStream
 {
 public:
+  explicit DWriteFontFileStream(uint64_t aFontFileKey);
+
   /**
     * Used by the FontFileLoader to create a new font stream,
     * this font stream is created from data in memory. The memory
@@ -92,7 +95,7 @@ public:
     *
     * @param aData Font data
     */
-  DWriteFontFileStream(uint8_t *aData, uint32_t aSize, uint64_t aFontFileKey);
+  bool Initialize(uint8_t *aData, uint32_t aSize);
 
   // IUnknown interface
   IFACEMETHOD(QueryInterface)(IID const& iid, OUT void** ppObject)
@@ -135,7 +138,7 @@ public:
   virtual HRESULT STDMETHODCALLTYPE GetLastWriteTime(OUT UINT64* lastWriteTime);
 
 private:
-  std::vector<uint8_t> mData;
+  nsTArray<uint8_t> mData;
   Atomic<uint32_t> mRefCnt;
   uint64_t mFontFileKey;
 
@@ -166,13 +169,10 @@ DWriteFontFileLoader::CreateStreamFromKey(const void *fontFileReferenceKey,
   return S_OK;
 }
 
-DWriteFontFileStream::DWriteFontFileStream(uint8_t *aData, uint32_t aSize,
+DWriteFontFileStream::DWriteFontFileStream(uint64_t aFontFileKey)
-                                           uint64_t aFontFileKey)
   : mRefCnt(0)
   , mFontFileKey(aFontFileKey)
 {
-  mData.resize(aSize);
-  memcpy(&mData.front(), aData, aSize);
 }
 
 DWriteFontFileStream::~DWriteFontFileStream()
@@ -181,10 +181,20 @@ DWriteFontFileStream::~DWriteFontFileStream()
   sFontFileStreams.erase(mFontFileKey);
 }
 
+bool
+DWriteFontFileStream::Initialize(uint8_t *aData, uint32_t aSize)
+{
+  if (!mData.SetLength(aSize, fallible)) {
+    return false;
+  }
+  memcpy(mData.Elements(), aData, aSize);
+  return true;
+}
+
 HRESULT STDMETHODCALLTYPE
 DWriteFontFileStream::GetFileSize(UINT64 *fileSize)
 {
-  *fileSize = mData.size();
+  *fileSize = mData.Length();
   return S_OK;
 }
 
@@ -201,7 +211,7 @@ DWriteFontFileStream::ReadFileFragment(const void **fragmentStart,
                                        void **fragmentContext)
 {
   // We are required to do bounds checking.
-  if (fileOffset + fragmentSize > mData.size()) {
+  if (fileOffset + fragmentSize > mData.Length()) {
     return E_FAIL;
   }
 
@@ -232,8 +242,12 @@ NativeFontResourceDWrite::Create(uint8_t *aFontData, uint32_t aDataLength,
 
   sFontFileStreamsMutex.Lock();
   uint64_t fontFileKey = sNextFontFileKey++;
-  RefPtr<IDWriteFontFileStream> ffsRef =
+  RefPtr<DWriteFontFileStream> ffsRef = new DWriteFontFileStream(fontFileKey);
-    new DWriteFontFileStream(aFontData, aDataLength, fontFileKey);
+  if (!ffsRef->Initialize(aFontData, aDataLength)) {
+    sFontFileStreamsMutex.Unlock();
+    gfxWarning() << "Failed to create DWriteFontFileStream.";
+    return nullptr;
+  }
   sFontFileStreams[fontFileKey] = ffsRef;
   sFontFileStreamsMutex.Unlock();
 

gfx/2d/NativeFontResourceFontconfig.cpp

@@ -32,7 +32,10 @@ NativeFontResourceFontconfig::Create(uint8_t *aFontData, uint32_t aDataLength, F
   if (!aFontData || !aDataLength) {
     return nullptr;
   }
-  UniquePtr<uint8_t[]> fontData(new uint8_t[aDataLength]);
+  UniquePtr<uint8_t[]> fontData(new (fallible) uint8_t[aDataLength]);
+  if (!fontData) {
+    return nullptr;
+  }
   memcpy(fontData.get(), aFontData, aDataLength);
 
   FT_Face face = Factory::NewFTFaceFromData(aFTLibrary, fontData.get(), aDataLength, 0);