Bug 1263001 - Don't Notify() an unlinked nsGeolocationRequest. r=jdm
author Andrew McCreight <continuation@gmail.com>
Fri, 22 Apr 2016 14:15:36 -0700
changeset 332480 1e006c7b5eda3864a980561e5c9a61b95bc7bbf9
parent 332479 8ba674386af9c363f7bde96613abdc7ac6207f0f
child 332481 1d1b0febedc2aa87ce679402b28e689ff36d0986
push id 6048
push user kmoir@mozilla.com
push date Mon, 06 Jun 2016 19:02:08 +0000
treeherder mozilla-beta@46d72a56c57d
reviewers jdm
bugs 1263001
milestone 48.0a1
Bug 1263001 - Don't Notify() an unlinked nsGeolocationRequest. r=jdm

If an unlinked nsGeolocationRequest somehow stays alive, then calling Notify() on it will likely cause a null-deref crash.
dom/geolocation/nsGeolocation.cpp
--- a/dom/geolocation/nsGeolocation.cpp
+++ b/dom/geolocation/nsGeolocation.cpp
@@ -786,17 +786,17 @@ nsGeolocationRequest::Shutdown()
 // nsGeolocationRequest::TimerCallbackHolder
 ////////////////////////////////////////////////////
 
 NS_IMPL_ISUPPORTS(nsGeolocationRequest::TimerCallbackHolder, nsISupports, nsITimerCallback)
 
 NS_IMETHODIMP
 nsGeolocationRequest::TimerCallbackHolder::Notify(nsITimer*)
 {
-  if (mRequest) {
+  if (mRequest && mRequest->mLocator) {
     RefPtr<nsGeolocationRequest> request(mRequest);
     request->Notify();
   }
   return NS_OK;
 }
 
 
 ////////////////////////////////////////////////////
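
Review bot: The added `mRequest->mLocator` test in TimerCallbackHolder::Notify() has no comment explaining that a null mLocator is being used here to recognize an unlinked request, so the condition reads as an arbitrary member check and could be dropped in a later cleanup; a one-line comment naming the unlinked case and Bug 1263001 would document the intent. The guard also sits only in the timer holder, so if nsGeolocationRequest::Notify() is reachable from any other caller, that path can still hit the null dereference the commit message describes; consider putting the check at the top of nsGeolocationRequest::Notify() itself, or confirming that the timer callback is the only caller that can run after unlinking. Because the commit message says the request "somehow stays alive", this change hides the symptom rather than the lifetime problem; cancelling the timer or clearing the holder's mRequest when the request is unlinked would remove the window entirely and is worth tracking as a follow-up.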