From dceb1c4fe69755783dfd233fbbaaa8e471b13dd3 Mon Sep 17 00:00:00 2001
From: Moonchild <moonchild@palemoon.org>
Date: Wed, 29 Apr 2026 11:30:43 +0200
Subject: [PATCH] [DOM] Validate size in FileReader.

---
 dom/base/FileReader.cpp | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/dom/base/FileReader.cpp b/dom/base/FileReader.cpp
index 4903b52d27..aaf41aecee 100644
--- a/dom/base/FileReader.cpp
+++ b/dom/base/FileReader.cpp
@@ -395,8 +395,14 @@ FileReader::ReadFileContent(Blob& aBlob,
     return;
   }
 
+  CheckedInt<size_t> size(mTotal);
+  if (!size.isValid()) {
+    aRv.Throw(NS_ERROR_OUT_OF_MEMORY);
+    return;
+  }
+
   if (mDataFormat == FILE_AS_ARRAYBUFFER) {
-    mFileData = js_pod_malloc<char>(mTotal);
+    mFileData = js_pod_malloc<char>(size.value());
     if (!mFileData) {
       NS_WARNING("Preallocation failed for ReadFileData");
       aRv.Throw(NS_ERROR_OUT_OF_MEMORY);