third_party/WebKit/Source/core/fetch/ImageResource.cpp - Issue 2173873003: Cancel image loads if decoding failed (attempt #2)

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Unified Diff: third_party/WebKit/Source/core/fetch/ImageResource.cpp

Issue 2173873003: Cancel image loads if decoding failed (attempt #2) (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master

Patch Set: Fix UAF Created 4 years, 5 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

Index: third_party/WebKit/Source/core/fetch/ImageResource.cpp

diff --git a/third_party/WebKit/Source/core/fetch/ImageResource.cpp b/third_party/WebKit/Source/core/fetch/ImageResource.cpp

index c08e465ee78fe5722792924a619f9acb8341854e..194fe542182e6c661977f6398f0dc23052b7a3f2 100644

--- a/third_party/WebKit/Source/core/fetch/ImageResource.cpp

+++ b/third_party/WebKit/Source/core/fetch/ImageResource.cpp

@@ -375,7 +375,7 @@ void ImageResource::updateImage(bool allDataReceived)

if (m_data)

createImage();

- bool sizeAvailable = false;

+ Image::SizeAvailability sizeAvailable = Image::SizeUnavailable;

// Have the image update its data from its internal buffer.

// It will not do anything now, but will delay decoding until

@@ -389,19 +389,20 @@ void ImageResource::updateImage(bool allDataReceived)

// received all the data or the size is known. Each chunk from the

// network causes observers to repaint, which will force that chunk

// to decode.

- if (sizeAvailable || allDataReceived) {

- if (!m_image || m_image->isNull()) {

- if (!errorOccurred())

- setStatus(DecodeError);

- clear();

- if (memoryCache()->contains(this))

- memoryCache()->remove(this);

- }

- // It would be nice to only redraw the decoded band of the image, but with the current design

- // (decoding delayed until painting) that seems hard.

- notifyObservers();

+ if (sizeAvailable == Image::SizeUnavailable && !allDataReceived)

+ return;

+ if (!m_image || m_image->isNull()) {

+ if (!errorOccurred())

+ setStatus(DecodeError);

+ if (!allDataReceived && m_loader)

+ m_loader->didFinishLoading(nullptr, monotonicallyIncreasingTime(), encodedSize());

+ clear();

+ memoryCache()->remove(this);

}

+ // It would be nice to only redraw the decoded band of the image, but with the current design

+ // (decoding delayed until painting) that seems hard.

+ notifyObservers();

}

void ImageResource::updateImageAndClearBuffer()

« no previous file with comments | « no previous file | third_party/WebKit/Source/core/fetch/ImageResourceTest.cpp » ('j') | no next file with comments »