Bug 1268721 - part 2 - Null check first argument to nsContentUtils::GetSurfaceData(). r=jimm, a=ritu
authorAndrew McCreight <continuation@gmail.com>
Thu, 12 May 2016 11:04:00 +0200
changeset 378814 f4db6cf4303fd75de4e539b281a65d016b4cc8dd
parent 378813 ad37649f586081a3a77109727caf54723d56ee9a
child 378815 faaeb9873314e2885c564b2e0653606d908cb96a
push id21011
push usermak77@bonardo.net
push dateThu, 16 Jun 2016 13:40:45 +0000
reviewersjimm, ritu
bugs1268721
milestone47.0
Bug 1268721 - part 2 - Null check first argument to nsContentUtils::GetSurfaceData(). r=jimm, a=ritu
dom/base/nsContentUtils.cpp
widget/PuppetWidget.cpp
widget/nsDragServiceProxy.cpp
--- a/dom/base/nsContentUtils.cpp
+++ b/dom/base/nsContentUtils.cpp
@@ -7573,16 +7573,19 @@ nsContentUtils::TransferableToIPCTransfe
             RefPtr<mozilla::gfx::SourceSurface> surface =
               image->GetFrame(imgIContainer::FRAME_CURRENT,
                               imgIContainer::FLAG_SYNC_DECODE);
             if (!surface) {
               continue;
             }
             RefPtr<mozilla::gfx::DataSourceSurface> dataSurface =
               surface->GetDataSurface();
+            if (!dataSurface) {
+              continue;
+            }
             size_t length;
             int32_t stride;
             mozilla::UniquePtr<char[]> surfaceData =
               nsContentUtils::GetSurfaceData(dataSurface, &length, &stride);
 
             IPCDataTransferItem* item = aIPCDataTransfer->items().AppendElement();
             item->flavor() = nsCString(flavorStr);
             // Turn item->data() into an nsCString prior to accessing it.
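Review bot: `length` and `stride` are declared uninitialized and the result of `nsContentUtils::GetSurfaceData()` is not checked in the visible lines, so the added guard only covers a null `dataSurface`. GetSurfaceData's body is not shown here; if it can fail and return null without writing its out-parameters, the code after the call would pair a null buffer with an indeterminate length when filling the IPC item. Consider `size_t length = 0; int32_t stride = 0;` and an `if (!surfaceData) { continue; }` right after the call. The same pattern is in the PuppetWidget::SetCursor hunk, where `nsDependentCString cursorData(surfaceData.get(), length)` is built straight from the unchecked result, and in the nsDragServiceProxy::InvokeDragSessionImpl hunk. The use of `surfaceData` in this function continues outside the hunk.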
--- a/widget/PuppetWidget.cpp
+++ b/widget/PuppetWidget.cpp
@@ -996,16 +996,20 @@ PuppetWidget::SetCursor(imgIContainer* a
     aCursor->GetFrame(imgIContainer::FRAME_CURRENT,
                       imgIContainer::FLAG_SYNC_DECODE);
   if (!surface) {
     return NS_ERROR_FAILURE;
   }
 
   RefPtr<mozilla::gfx::DataSourceSurface> dataSurface =
     surface->GetDataSurface();
+  if (!dataSurface) {
+    return NS_ERROR_FAILURE;
+  }
+
   size_t length;
   int32_t stride;
   mozilla::UniquePtr<char[]> surfaceData =
     nsContentUtils::GetSurfaceData(dataSurface, &length, &stride);
 
   nsDependentCString cursorData(surfaceData.get(), length);
   mozilla::gfx::IntSize size = dataSurface->GetSize();
   if (!mTabChild->SendSetCustomCursor(cursorData, size.width, size.height, stride,
--- a/widget/nsDragServiceProxy.cpp
+++ b/widget/nsDragServiceProxy.cpp
@@ -46,30 +46,31 @@ nsDragServiceProxy::InvokeDragSessionImp
     RefPtr<mozilla::gfx::SourceSurface> surface;
     DrawDrag(mSourceNode, aRegion, mScreenX, mScreenY,
              &dragRect, &surface, &pc);
 
     if (surface) {
       RefPtr<mozilla::gfx::DataSourceSurface> dataSurface =
         surface->GetDataSurface();
       mozilla::gfx::IntSize size = dataSurface->GetSize();
-
-      size_t length;
-      int32_t stride;
-      mozilla::UniquePtr<char[]> surfaceData =
-        nsContentUtils::GetSurfaceData(dataSurface, &length, &stride);
-      nsDependentCString dragImage(surfaceData.get(), length);
+      if (dataSurface) {
+        size_t length;
+        int32_t stride;
+        mozilla::UniquePtr<char[]> surfaceData =
+          nsContentUtils::GetSurfaceData(dataSurface, &length, &stride);
+        nsDependentCString dragImage(surfaceData.get(), length);
 
-      mozilla::Unused <<
-        child->SendInvokeDragSession(dataTransfers, aActionType, dragImage,
-                                     size.width, size.height, stride,
-                                     static_cast<uint8_t>(dataSurface->GetFormat()),
-                                     dragRect.x, dragRect.y);
-      StartDragSession();
-      return NS_OK;
+        mozilla::Unused <<
+          child->SendInvokeDragSession(dataTransfers, aActionType, dragImage,
+                                       size.width, size.height, stride,
+                                       static_cast<uint8_t>(dataSurface->GetFormat()),
+                                       dragRect.x, dragRect.y);
+        StartDragSession();
+        return NS_OK;
+      }
     }
   }
 
   mozilla::Unused << child->SendInvokeDragSession(dataTransfers, aActionType,
                                                   nsCString(),
                                                   0, 0, 0, 0, 0, 0);
   StartDragSession();
   return NS_OK;
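Review bot: The context line `mozilla::gfx::IntSize size = dataSurface->GetSize();` still runs before the added `if (dataSurface) {`, so a null result from `surface->GetDataSurface()` is dereferenced before the new check can reject it. Move that declaration to the first line inside the `if (dataSurface)` block. A failed conversion then falls through to the `SendInvokeDragSession(..., nsCString(), 0, 0, 0, 0, 0, 0)` fallback as intended. InvokeDragSessionImpl starts and ends outside this hunk.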