Bug 1263001 - Don't Notify() an unlinked nsGeolocationRequest. r=jdm a=ritu
author Andrew McCreight <continuation@gmail.com>
Fri, 22 Apr 2016 14:15:36 -0700
changeset 324173 28738ca1f22a1b2d80121a62b63d840994672f5d
parent 324172 9fad204a1b6ec66f549808e75866c0924dffcfa8
child 324174 bd61104c52b815cffaf1561552d3e24778260157
push id 5926
push user kwierso@gmail.com
push date Fri, 29 Apr 2016 21:00:39 +0000
treeherder mozilla-beta@362b8365615b
reviewers jdm, ritu
bugs 1263001
milestone 47.0
Bug 1263001 - Don't Notify() an unlinked nsGeolocationRequest. r=jdm a=ritu

If an unlinked nsGeolocationRequest somehow stays alive, then calling Notify() on it will likely cause a null-deref crash.

MozReview-Commit-ID: 7dn4DDp3iZh
dom/geolocation/nsGeolocation.cpp
--- a/dom/geolocation/nsGeolocation.cpp
+++ b/dom/geolocation/nsGeolocation.cpp
@@ -770,17 +770,17 @@ nsGeolocationRequest::Shutdown()
 // nsGeolocationRequest::TimerCallbackHolder
 ////////////////////////////////////////////////////
 
 NS_IMPL_ISUPPORTS(nsGeolocationRequest::TimerCallbackHolder, nsISupports, nsITimerCallback)
 
 NS_IMETHODIMP
 nsGeolocationRequest::TimerCallbackHolder::Notify(nsITimer*)
 {
-  if (mRequest) {
+  if (mRequest && mRequest->mLocator) {
     RefPtr<nsGeolocationRequest> request(mRequest);
     request->Notify();
   }
   return NS_OK;
 }
 
 
 ////////////////////////////////////////////////////
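
Review bot: The new `mRequest->mLocator` test in the `if` at the top of `TimerCallbackHolder::Notify()` has no comment saying that a null `mLocator` is being treated as the sign of an unlinked request, so anyone who has not read the commit message will see an arbitrary member check. A one-line comment above the `if`, stating that an unlinked request has no `mLocator` and must not be notified, would keep the guard from being dropped in a later cleanup. The commit message also says the request "somehow stays alive", so this change guards the timer callback only. It is worth checking whether the unlink path can also cancel the timer or clear the holder's `mRequest`, so that the crash is prevented at its source rather than at this one call to `request->Notify()`.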