Bug 472237 - check for null user font set before using. r+sr=dbaron
authorJohn Daggett <jdaggett@mozilla.com>
Fri, 09 Jan 2009 17:01:36 +0900
changeset 22772 a806e1074255adf4c24e4750200065a26d9a1acb
parent 22771 881fdb2a350fc140e48928e63e8b2306de614256
child 22773 0a9f0a5ee334384e4563bcd1cc274f51036ff27f
push id399
push userjdaggett@mozilla.com
push dateFri, 09 Jan 2009 08:01:52 +0000
bugs472237
milestone1.9.1b3pre
Bug 472237 - check for null user font set before using. r+sr=dbaron
layout/style/crashtests/472237-1.html
layout/style/crashtests/crashtests.list
layout/style/nsFontFaceLoader.cpp
new file mode 100644
--- /dev/null
+++ b/layout/style/crashtests/472237-1.html
@@ -0,0 +1,26 @@
+<html xmlns="http://www.w3.org/1999/xhtml">
+<head>
+<style type="text/css">
+
+@font-face {
+      font-family: "Fontin-Sans SC";
+      /* the font url below is correct but won't be accessed due to cross-site restrictions */
+      src: url(../../reftests/fonts/markA.ttf) format("opentype");
+}
+
+</style>
+
+<script type="text/javascript">
+
+function boom()
+{
+  document.getElementById("r").style.fontFamily = "'Fontin-Sans SC'";
+  document.documentElement.offsetHeight;
+  document.removeChild(document.documentElement);
+}
+
+</script>
+</head>
+
+<body onload="boom();"><div id="r">R</div></body>
+</html>
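Review bot: `boom()` has no comment explaining the sequence it depends on, and the only comment in the file (on the `src:` line) says the font URL will not be fetched without saying why that matters for the crash. A short comment above the three statements would help, for example `// flush layout so the @font-face load is requested, then remove the root element while that load is still pending`. As written, the test appears to rely on the load completing after the document element is gone, which is timing-dependent. The extra `load about:blank` entry added to crashtests.list points the same way.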
--- a/layout/style/crashtests/crashtests.list
+++ b/layout/style/crashtests/crashtests.list
@@ -19,8 +19,10 @@ load 444237-1.html
 load 444848-1.html 
 load 447776-1.html
 load 447783-1.html
 load 448161-1.html
 load 448161-2.html
 load 456196.html
 load 460217-1.html
 load 466845-1.html
+HTTP(..) load 472237-1.html
+load about:blank # 472237 doesn't occur when it's the last in the list
--- a/layout/style/nsFontFaceLoader.cpp
+++ b/layout/style/nsFontFaceLoader.cpp
@@ -121,19 +121,24 @@ nsFontFaceLoader::OnStreamComplete(nsISt
   }
 
   nsPresContext *ctx = mShell->GetPresContext();
   if (!ctx) {
     return aStatus;
   }
 
   // whether an error occurred or not, notify the user font set of the completion
-  fontUpdate = ctx->GetUserFontSet()->OnLoadComplete(mFontEntry, aLoader,
-                                                     aString, aStringLen,
-                                                     aStatus);
+  gfxUserFontSet *userFontSet = ctx->GetUserFontSet();
+  if (!userFontSet) {
+    return aStatus;
+  }
+  
+  fontUpdate = userFontSet->OnLoadComplete(mFontEntry, aLoader,
+                                           aString, aStringLen,
+                                           aStatus);
 
   // when new font loaded, need to reflow
   if (fontUpdate) {
     // Update layout for the presence of the new font.  Since this is
     // asynchronous, reflows will coalesce.
     ctx->UserFontSetUpdated();
     LOG(("fontdownloader (%p) reflow\n", this));
   }
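Review bot: The new null check covers a missing user font set, but `ctx->GetUserFontSet()` is still looked up at completion time rather than taken from the load that started it. If the pres context can replace its font set while a load is in flight (not visible here), `mFontEntry` would be handed to a set that does not own it. Keeping a reference to the originating set in the loader, or cancelling pending loaders when the set goes away, would cover both the null and the replaced case. The early `return aStatus;` also deserves a comment saying when the set can be null, for example `// font set already torn down (document element removed mid-load); nothing to notify`. OnStreamComplete starts and ends outside the hunk, so whether the early return skips later cleanup cannot be checked from here.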