Bug 328755 - Fix the ConvertAndWrite crash. r=bz
authorJames Kitchener <jkitch.bug@gmail.com>
Tue, 18 Feb 2014 09:57:44 -0500
changeset 169307 b95d0fb140264ad21beb8bcf91f590ab1122bc02
parent 169306 6f1e6f7d3041bc1da91f1814497a71366a9bdbc3
child 169308 940b00462eb765491c176727f08c59b14f82a450
push id39920
push userryanvm@gmail.com
push dateTue, 18 Feb 2014 14:58:56 +0000
treeherdermozilla-inbound@ae95fa9d4450 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersbz
bugs328755
milestone30.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 328755 - Fix the ConvertAndWrite crash. r=bz
content/base/src/nsDocumentEncoder.cpp
--- a/content/base/src/nsDocumentEncoder.cpp
+++ b/content/base/src/nsDocumentEncoder.cpp
@@ -554,16 +554,22 @@ ConvertAndWrite(const nsAString& aString
   const char16_t* unicodeBuf = flat.get();
   int32_t unicodeLength = aString.Length();
   int32_t startLength = unicodeLength;
 
   rv = aEncoder->GetMaxLength(unicodeBuf, unicodeLength, &charLength);
   startCharLength = charLength;
   NS_ENSURE_SUCCESS(rv, rv);
 
+  if (!charLength) {
+    // Nothing to write.  Besides, a length 0 string has an immutable buffer, so
+    // attempts to null-terminate it will crash.
+    return NS_OK;
+  }
+
   nsAutoCString charXferString;
   if (!charXferString.SetLength(charLength, fallible_t()))
     return NS_ERROR_OUT_OF_MEMORY;
 
   char* charXferBuf = charXferString.BeginWriting();
   nsresult convert_rv = NS_OK;
 
   do {