From 7040645be763b0de6fd227b6fa97aca5191605a6 Mon Sep 17 00:00:00 2001
From: Fedor <fedor@mail.ru>
Date: Sun, 7 Feb 2021 17:33:27 +0200
Subject: [PATCH] Fix rooting hazard in ImageBitmap::CreateInternal by avoiding
 movable data.

---
 dom/canvas/ImageBitmap.cpp | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/dom/canvas/ImageBitmap.cpp b/dom/canvas/ImageBitmap.cpp
index e4b145d46..bb47618a6 100644
--- a/dom/canvas/ImageBitmap.cpp
+++ b/dom/canvas/ImageBitmap.cpp
@@ -952,13 +952,17 @@ ImageBitmap::CreateInternal(nsIGlobalObject* aGlobal, ImageData& aImageData,
 
   // Create and Crop the raw data into a layers::Image
   RefPtr<layers::Image> data;
+
+  // The data could move during a GC; copy it out into a local buffer.
+  uint8_t* fixedData = array.Data();
+
   if (NS_IsMainThread()) {
     data = CreateImageFromRawData(imageSize, imageStride, FORMAT,
-                                  array.Data(), dataLength,
+                                  fixedData, dataLength,
                                   aCropRect);
   } else {
     RefPtr<CreateImageFromRawDataInMainThreadSyncTask> task
-      = new CreateImageFromRawDataInMainThreadSyncTask(array.Data(),
+      = new CreateImageFromRawDataInMainThreadSyncTask(fixedData,
                                                        dataLength,
                                                        imageStride,
                                                        FORMAT,