Bug 1263001 - Don't Notify() an unlinked nsGeolocationRequest. r=jdm
author Andrew McCreight <continuation@gmail.com>
Fri, 22 Apr 2016 14:15:36 -0700
changeset 294547 1e006c7b5eda3864a980561e5c9a61b95bc7bbf9
parent 294546 8ba674386af9c363f7bde96613abdc7ac6207f0f
child 294548 1d1b0febedc2aa87ce679402b28e689ff36d0986
push id 75588
push user amccreight@mozilla.com
push date Fri, 22 Apr 2016 21:15:47 +0000
treeherder mozilla-inbound@1e006c7b5eda
reviewers jdm
bugs 1263001
milestone 48.0a1
If an unlinked nsGeolocationRequest somehow stays alive, then calling Notify() on it will likely cause a null-deref crash.
dom/geolocation/nsGeolocation.cpp
--- a/dom/geolocation/nsGeolocation.cpp
+++ b/dom/geolocation/nsGeolocation.cpp
@@ -786,17 +786,17 @@ nsGeolocationRequest::Shutdown()
 // nsGeolocationRequest::TimerCallbackHolder
 ////////////////////////////////////////////////////
 
 NS_IMPL_ISUPPORTS(nsGeolocationRequest::TimerCallbackHolder, nsISupports, nsITimerCallback)
 
 NS_IMETHODIMP
 nsGeolocationRequest::TimerCallbackHolder::Notify(nsITimer*)
 {
-  if (mRequest) {
+  if (mRequest && mRequest->mLocator) {
     RefPtr<nsGeolocationRequest> request(mRequest);
     request->Notify();
   }
   return NS_OK;
 }
 
 
 ////////////////////////////////////////////////////
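
Review bot: The added `mRequest->mLocator` test in `TimerCallbackHolder::Notify()` stands in for "this request has been unlinked", but nothing at the call site says so, and a later reader could take it for an unrelated null check. A short comment above the `if` would help, stating that a null `mLocator` means the request was unlinked and that `request->Notify()` would then dereference null. The commit message says the request "somehow stays alive", so this guard covers only the timer path: if `nsGeolocationRequest::Notify()` can be reached from anywhere else, an early return inside that method would cover those callers as well. The reason the request outlives unlinking is still worth tracking in the bug.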