Bug 548685 - Avoid null pointer deref in nsURIHashKey r=mcmanus
authorValentin Gosu <valentin.gosu@gmail.com>
Tue, 19 Apr 2016 15:46:34 +0200
changeset 331753 0c83c41da3fdc4f0a75e077c03ed3cf60e6ff370
parent 331752 2da0c84c972a7b103d5507ea29956d704389bdd4
child 331754 4506d6d426d3ee9c780918b8f25ae311f483e43d
push id6048
push userkmoir@mozilla.com
push dateMon, 06 Jun 2016 19:02:08 +0000
reviewersmcmanus
bugs548685
milestone48.0a1
Bug 548685 - Avoid null pointer deref in nsURIHashKey r=mcmanus MozReview-Commit-ID: 5wCZ0DTHEUS
netwerk/base/nsURIHashKey.h
toolkit/components/places/History.cpp
--- a/netwerk/base/nsURIHashKey.h
+++ b/netwerk/base/nsURIHashKey.h
@@ -24,28 +24,35 @@ public:
     nsURIHashKey(const nsURIHashKey& toCopy) :
         mKey(toCopy.mKey) { MOZ_COUNT_CTOR(nsURIHashKey); }
     ~nsURIHashKey() { MOZ_COUNT_DTOR(nsURIHashKey); }
 
     nsIURI* GetKey() const { return mKey; }
 
     bool KeyEquals(const nsIURI* aKey) const {
         bool eq;
+        if (!mKey) {
+            return !aKey;
+        }
         if (NS_SUCCEEDED(mKey->Equals(const_cast<nsIURI*>(aKey), &eq))) {
             return eq;
         }
         return false;
     }
 
     static const nsIURI* KeyToPointer(nsIURI* aKey) { return aKey; }
     static PLDHashNumber HashKey(const nsIURI* aKey) {
+        if (!aKey) {
+            // If the key is null, return hash for empty string.
+            return mozilla::HashString(EmptyCString());
+        }
         nsAutoCString spec;
         const_cast<nsIURI*>(aKey)->GetSpec(spec);
         return mozilla::HashString(spec);
     }
-    
+
     enum { ALLOW_MEMMOVE = true };
 
 protected:
     nsCOMPtr<nsIURI> mKey;
 };
 
 #endif // nsURIHashKey_h__
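Review bot: KeyEquals now guards a null mKey, but a null aKey with a non-null mKey still reaches `mKey->Equals(const_cast<nsIURI*>(aKey), &eq)`, so safety on that path depends on every nsIURI implementation rejecting a null argument. Covering both sides in the guard removes that dependency: `if (!mKey || !aKey) { return !mKey && !aKey; }`. In HashKey the result of GetSpec is ignored, so a URI whose GetSpec fails presumably hashes the same as the null key. That is only a collision because KeyEquals tells them apart, but a short comment saying so would help the next reader.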
--- a/toolkit/components/places/History.cpp
+++ b/toolkit/components/places/History.cpp
@@ -2614,16 +2614,17 @@ History::RegisterVisitedCallback(nsIURI*
 
   return NS_OK;
 }
 
 NS_IMETHODIMP
 History::UnregisterVisitedCallback(nsIURI* aURI,
                                    Link* aLink)
 {
+  // TODO: aURI is sometimes null - see bug 548685
   NS_ASSERTION(aURI, "Must pass a non-null URI!");
   NS_ASSERTION(aLink, "Must pass a non-null Link object!");
 
   // Get the array, and remove the item from it.
   KeyClass* key = mObservers.GetEntry(aURI);
   if (!key) {
     NS_ERROR("Trying to unregister for a URI that wasn't registered!");
     return NS_ERROR_UNEXPECTED;
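Review bot: The added TODO says aURI can be null while the next line still asserts it is not, and NS_ASSERTION does not stop execution, so a null aURI goes on to `mObservers.GetEntry(aURI)`. That lookup is only safe because of the null handling added to nsURIHashKey in this same commit, and the comment should say so, for example `// TODO: aURI is sometimes null (bug 548685); GetEntry relies on nsURIHashKey tolerating a null key`. If a null URI can never have been registered, an explicit early return would be clearer than the "wasn't registered" error path, but that depends on RegisterVisitedCallback, which is outside this hunk. The body of UnregisterVisitedCallback also continues past the end of the hunk.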