commit 492000b51e307a6017fbaea792e41730aa31ef3e
parent 3511c2af06c0559a9df0129f9db41a6418d70f1f
Author: Brad Werth <werth@efn.org>
Date: Fri, 19 Dec 2025 19:14:09 +0000
Bug 2006199: Use gzip stream total_out for SVG document parsing. r=jfkthame
With this change, the assert is no longer necessary, because the stream
tells us how many elements to process. A crashtest is included.
Differential Revision: https://phabricator.services.mozilla.com/D276726
Diffstat:
4 files changed, 10 insertions(+), 2 deletions(-)
diff --git a/gfx/tests/crashtests/2006199.html b/gfx/tests/crashtests/2006199.html
@@ -0,0 +1,8 @@
+<!DOCTYPE html>
+<style>
+@font-face {
+ font-family: 'PoCFont';
+ src: url('badsvgfont.ttf');
+}
+</style>
+<div style="font-family: PoCFont; font-size: 100px;">L</div>
diff --git a/gfx/tests/crashtests/badsvgfont.ttf b/gfx/tests/crashtests/badsvgfont.ttf
Binary files differ.
diff --git a/gfx/tests/crashtests/crashtests.list b/gfx/tests/crashtests/crashtests.list
@@ -231,3 +231,4 @@ load 1938548.html
load 1962172-1.html
load 1983053.html
load 1999841-1.html
+load 2006199.html
diff --git a/gfx/thebes/gfxSVGGlyphs.cpp b/gfx/thebes/gfxSVGGlyphs.cpp
@@ -281,8 +281,7 @@ gfxSVGGlyphsDocument::gfxSVGGlyphsDocument(const uint8_t* aBuffer,
if (Z_OK == inflateInit2(&s, 16 + MAX_WBITS)) {
int result = inflate(&s, Z_FINISH);
if (Z_STREAM_END == result) {
- MOZ_ASSERT(size_t(s.next_out - outBuf.Elements()) == origLen);
- ParseDocument(outBuf.Elements(), outBuf.Length());
+ ParseDocument(outBuf.Elements(), s.total_out);
} else {
NS_WARNING("Failed to decompress SVG glyphs document");
}
