
Side by Side Diff: third_party/WebKit/Source/core/fetch/ImageResource.cpp

Issue 2173873003: Cancel image loads if decoding failed (attempt #2) (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Fix UAF Created 4 years, 4 months ago
OLDNEW
1 /* 1 /*
2 Copyright (C) 1998 Lars Knoll (knoll@mpi-hd.mpg.de) 2 Copyright (C) 1998 Lars Knoll (knoll@mpi-hd.mpg.de)
3 Copyright (C) 2001 Dirk Mueller (mueller@kde.org) 3 Copyright (C) 2001 Dirk Mueller (mueller@kde.org)
4 Copyright (C) 2002 Waldo Bastian (bastian@kde.org) 4 Copyright (C) 2002 Waldo Bastian (bastian@kde.org)
5 Copyright (C) 2006 Samuel Weinig (sam.weinig@gmail.com) 5 Copyright (C) 2006 Samuel Weinig (sam.weinig@gmail.com)
6 Copyright (C) 2004, 2005, 2006, 2007 Apple Inc. All rights reserved. 6 Copyright (C) 2004, 2005, 2006, 2007 Apple Inc. All rights reserved.
7 7
8 This library is free software; you can redistribute it and/or 8 This library is free software; you can redistribute it and/or
9 modify it under the terms of the GNU Library General Public 9 modify it under the terms of the GNU Library General Public
10 License as published by the Free Software Foundation; either 10 License as published by the Free Software Foundation; either
(...skipping 357 matching lines...) Expand 10 before | Expand all | Expand 10 after
368 m_image.clear(); 368 m_image.clear();
369 } 369 }
370 370
371 void ImageResource::updateImage(bool allDataReceived) 371 void ImageResource::updateImage(bool allDataReceived)
372 { 372 {
373 TRACE_EVENT0("blink", "ImageResource::updateImage"); 373 TRACE_EVENT0("blink", "ImageResource::updateImage");
374 374
375 if (m_data) 375 if (m_data)
376 createImage(); 376 createImage();
377 377
378 bool sizeAvailable = false; 378 Image::SizeAvailability sizeAvailable = Image::SizeUnavailable;
379 379
380 // Have the image update its data from its internal buffer. 380 // Have the image update its data from its internal buffer.
381 // It will not do anything now, but will delay decoding until 381 // It will not do anything now, but will delay decoding until
382 // queried for info (like size or specific image frames). 382 // queried for info (like size or specific image frames).
383 if (m_data) { 383 if (m_data) {
384 DCHECK(m_image); 384 DCHECK(m_image);
385 sizeAvailable = m_image->setData(m_data, allDataReceived); 385 sizeAvailable = m_image->setData(m_data, allDataReceived);
386 } 386 }
387 387
388 // Go ahead and tell our observers to try to draw if we have either 388 // Go ahead and tell our observers to try to draw if we have either
389 // received all the data or the size is known. Each chunk from the 389 // received all the data or the size is known. Each chunk from the
390 // network causes observers to repaint, which will force that chunk 390 // network causes observers to repaint, which will force that chunk
391 // to decode. 391 // to decode.
392 if (sizeAvailable || allDataReceived) { 392 if (sizeAvailable == Image::SizeUnavailable && !allDataReceived)
393 if (!m_image || m_image->isNull()) { 393 return;
394 if (!errorOccurred()) 394 if (!m_image || m_image->isNull()) {
395 setStatus(DecodeError); 395 if (!errorOccurred())
396 clear(); 396 setStatus(DecodeError);
397 if (memoryCache()->contains(this)) 397 if (!allDataReceived && m_loader)
398 memoryCache()->remove(this); 398 m_loader->didFinishLoading(nullptr, monotonicallyIncreasingTime(), e ncodedSize());
399 } 399 clear();
400 memoryCache()->remove(this);
401 }
400 402
401 // It would be nice to only redraw the decoded band of the image, but wi th the current design 403 // It would be nice to only redraw the decoded band of the image, but with t he current design
402 // (decoding delayed until painting) that seems hard. 404 // (decoding delayed until painting) that seems hard.
403 notifyObservers(); 405 notifyObservers();
404 }
405 } 406 }
406 407
407 void ImageResource::updateImageAndClearBuffer() 408 void ImageResource::updateImageAndClearBuffer()
408 { 409 {
409 clearImage(); 410 clearImage();
410 updateImage(true); 411 updateImage(true);
411 m_data.clear(); 412 m_data.clear();
412 } 413 }
413 414
414 void ImageResource::finish(double loadFinishTime) 415 void ImageResource::finish(double loadFinishTime)
(...skipping 170 matching lines...) Expand 10 before | Expand all | Expand 10 after
585 if (response().wasFetchedViaServiceWorker()) 586 if (response().wasFetchedViaServiceWorker())
586 return response().serviceWorkerResponseType() != WebServiceWorkerRespons eTypeOpaque; 587 return response().serviceWorkerResponseType() != WebServiceWorkerRespons eTypeOpaque;
587 if (!getImage()->currentFrameHasSingleSecurityOrigin()) 588 if (!getImage()->currentFrameHasSingleSecurityOrigin())
588 return false; 589 return false;
589 if (passesAccessControlCheck(securityOrigin)) 590 if (passesAccessControlCheck(securityOrigin))
590 return true; 591 return true;
591 return !securityOrigin->taintsCanvas(response().url()); 592 return !securityOrigin->taintsCanvas(response().url());
592 } 593 }
593 594
594 } // namespace blink 595 } // namespace blink
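Review bot: In the decode-failure branch of `updateImage()`, the new `m_loader->didFinishLoading(...)` call runs before `clear()`, `memoryCache()->remove(this)` and `notifyObservers()`, and nothing on the page says what state the resource is in once it returns. If that call can synchronously come back into this object (for example through `finish()` and `updateImageAndClearBuffer()`, which calls `updateImage(true)` and then clears `m_data`) or can release the loader, the statements after it run on state that has already been torn down, which is the class of lifetime bug the patch-set title refers to. I would either move the call to the end of the branch or document the invariant above it, e.g. `// May re-enter finish(); nothing below may assume m_loader or m_data is still set.` Separately, the `memoryCache()->contains(this)` guard from the old side has been dropped; if `remove()` expects the resource to be cached, keep `if (memoryCache()->contains(this))` in front of it. The test file listed in the navigation is not shown here, so I cannot tell whether it covers a decode failure that arrives before all data is received.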