Bug 1263001 - Don't Notify() an unlinked nsGeolocationRequest. r=jdm
author Andrew McCreight <continuation@gmail.com>
Fri, 22 Apr 2016 14:15:36 -0700
changeset 294609 1e006c7b5eda3864a980561e5c9a61b95bc7bbf9
parent 294608 8ba674386af9c363f7bde96613abdc7ac6207f0f
child 294610 1d1b0febedc2aa87ce679402b28e689ff36d0986
push id 30208
push user cbook@mozilla.com
push date Mon, 25 Apr 2016 09:55:37 +0000
treeherder mozilla-central@1c6385ae1fe7
reviewers jdm
bugs 1263001
milestone 48.0a1
If an unlinked nsGeolocationRequest somehow stays alive, then calling Notify() on it will likely cause a null-deref crash.
dom/geolocation/nsGeolocation.cpp
--- a/dom/geolocation/nsGeolocation.cpp
+++ b/dom/geolocation/nsGeolocation.cpp
@@ -786,17 +786,17 @@ nsGeolocationRequest::Shutdown()
 // nsGeolocationRequest::TimerCallbackHolder
 ////////////////////////////////////////////////////
 
 NS_IMPL_ISUPPORTS(nsGeolocationRequest::TimerCallbackHolder, nsISupports, nsITimerCallback)
 
 NS_IMETHODIMP
 nsGeolocationRequest::TimerCallbackHolder::Notify(nsITimer*)
 {
-  if (mRequest) {
+  if (mRequest && mRequest->mLocator) {
     RefPtr<nsGeolocationRequest> request(mRequest);
     request->Notify();
   }
   return NS_OK;
 }
 
 
 ////////////////////////////////////////////////////
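Review bot: the added `mRequest->mLocator` test in TimerCallbackHolder::Notify() carries no comment saying that a null mLocator is how an unlinked request is recognised, so the condition reads as an arbitrary member check. A one-line comment above the `if` tying it to the unlinked case named in the commit message would make the intent clear. The guard also sits in the timer holder rather than in nsGeolocationRequest::Notify() itself, so any other caller that reaches `request->Notify()` on an unlinked request is not covered; either confirm the timer callback is the only such path or move the check into Notify(). Because the commit message says the request "somehow" stays alive, the early return hides that state without recording it, and a note in the bug about the still-unknown root cause would be useful.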