Bug 920725 - Return with error in nsHtml5StreamParser::WriteStreamBytes if mLastBuffer is null. r=hsivonen
authorSteve Workman <sworkman@mozilla.com>
Wed, 16 Oct 2013 11:16:36 -0400
changeset 164779 08a84b46802138ec218dea333ae2e0ff8b4be7e4
parent 164778 60185e9edfd42d2d98d8252cb14b78b7e7ce2170
child 164780 d0139a74ac0356b78b455bfe224e2b2035c412fe
push id3066
push userakeybl@mozilla.com
push dateMon, 09 Dec 2013 19:58:46 +0000
treeherdermozilla-beta@a31a0dce83aa [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewershsivonen
bugs920725
milestone27.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 920725 - Return with error in nsHtml5StreamParser::WriteStreamBytes if mLastBuffer is null. r=hsivonen
parser/html/nsHtml5StreamParser.cpp
--- a/parser/html/nsHtml5StreamParser.cpp
+++ b/parser/html/nsHtml5StreamParser.cpp
@@ -794,18 +794,23 @@ nsHtml5StreamParser::SniffStreamBytes(co
 }
 
 nsresult
 nsHtml5StreamParser::WriteStreamBytes(const uint8_t* aFromSegment,
                                       uint32_t aCount,
                                       uint32_t* aWriteCount)
 {
   NS_ASSERTION(IsParserThread(), "Wrong thread!");
-  // mLastBuffer always points to a buffer of the size
+  // mLastBuffer should always point to a buffer of the size
   // NS_HTML5_STREAM_PARSER_READ_BUFFER_SIZE.
+  if (!mLastBuffer) {
+    NS_WARNING("mLastBuffer should not be null!");
+    MarkAsBroken();
+    return NS_ERROR_NULL_POINTER;
+  }
   if (mLastBuffer->getEnd() == NS_HTML5_STREAM_PARSER_READ_BUFFER_SIZE) {
     nsRefPtr<nsHtml5OwningUTF16Buffer> newBuf =
       nsHtml5OwningUTF16Buffer::FalliblyCreate(
         NS_HTML5_STREAM_PARSER_READ_BUFFER_SIZE);
     if (!newBuf) {
       return NS_ERROR_OUT_OF_MEMORY;
     }
     mLastBuffer = (mLastBuffer->next = newBuf.forget());