https://bugs.alpinelinux.org/issues/5559 https://bugzilla.mozilla.org/show_bug.cgi?id=1274732 --- mozilla/netwerk/streamconv/converters/nsHTTPCompressConv.cpp +++ mozilla/netwerk/streamconv/converters/nsHTTPCompressConv.cpp @@ -165,9 +165,8 @@ nsHTTPCompressConv::BrotliHandler(nsIInputStream *stream, void *closure, const c nsHTTPCompressConv *self = static_cast(closure); *countRead = 0; - const uint32_t kOutSize = 128 * 1024; // just a chunk size, we call in a loop - unsigned char outBuffer[kOutSize]; - unsigned char *outPtr; + const size_t kOutSize = 128 * 1024; // just a chunk size, we call in a loop + uint8_t *outPtr; size_t outSize; size_t avail = aAvail; BrotliResult res; @@ -177,9 +176,15 @@ nsHTTPCompressConv::BrotliHandler(nsIInputStream *stream, void *closure, const c return NS_OK; } + auto outBuffer = MakeUniqueFallible(kOutSize); + if (outBuffer == nullptr) { + self->mBrotli->mStatus = NS_ERROR_OUT_OF_MEMORY; + return self->mBrotli->mStatus; + } + do { outSize = kOutSize; - outPtr = outBuffer; + outPtr = outBuffer.get(); // brotli api is documented in brotli/dec/decode.h and brotli/dec/decode.c LOG(("nsHttpCompresssConv %p brotlihandler decompress %d\n", self, avail)); @@ -210,7 +215,7 @@ nsHTTPCompressConv::BrotliHandler(nsIInputStream *stream, void *closure, const c nsresult rv = self->do_OnDataAvailable(self->mBrotli->mRequest, self->mBrotli->mContext, self->mBrotli->mSourceOffset, - reinterpret_cast(outBuffer), + reinterpret_cast(outBuffer.get()), outSize); LOG(("nsHttpCompressConv %p BrotliHandler ODA rv=%x", self, rv)); if (NS_FAILED(rv)) {