Bug 1454140: Invalid URLs with ref also exist. r=heycam
authorEmilio Cobos Álvarez <emilio@crisal.io>
Sat, 14 Apr 2018 17:24:45 +0200
changeset 467409 484c9ddde7ddda6dacf2be3d7e3e2d4c9d6f9a46
parent 467408 8acb65ad7377ee946e9f55b2f5ae00e02ed25900
child 467410 7d35e0be4b5756330817311e9980177c09fdc8c0
push id9165
push userasasaki@mozilla.com
push dateThu, 26 Apr 2018 21:04:54 +0000
treeherdermozilla-beta@064c3804de2e [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersheycam
bugs1454140
milestone61.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 1454140: Invalid URLs with ref also exist. r=heycam MozReview-Commit-ID: HsH3ERcTeLm
layout/style/crashtests/1454140.html
layout/style/crashtests/crashtests.list
layout/style/nsStyleStruct.cpp
new file mode 100644
--- /dev/null
+++ b/layout/style/crashtests/1454140.html
@@ -0,0 +1,4 @@
+<!-- A -->
+<table background="
+#"><base href=Y:
+<!-- A -->
--- a/layout/style/crashtests/crashtests.list
+++ b/layout/style/crashtests/crashtests.list
@@ -267,8 +267,9 @@ load 1418059.html
 test-pref(dom.animations-api.core.enabled,true) load 1418867.html
 pref(dom.webcomponents.shadowdom.enabled,true) load 1419554.html
 load 1426312.html
 load 1439793.html
 load 1409183.html
 pref(dom.webcomponents.shadowdom.enabled,true) load 1445682.html
 load 1450691.html
 pref(dom.webcomponents.shadowdom.enabled,true) load 1453206.html
+load 1454140.html
--- a/layout/style/nsStyleStruct.cpp
+++ b/layout/style/nsStyleStruct.cpp
@@ -2170,18 +2170,22 @@ nsStyleImageRequest::Resolve(
 
   mResolved = true;
 
   nsIDocument* doc = aPresContext->Document();
   nsIURI* docURI = doc->GetDocumentURI();
   if (GetImageValue()->HasRef()) {
     bool isEqualExceptRef = false;
     RefPtr<nsIURI> imageURI = GetImageURI();
-    imageURI->EqualsExceptRef(docURI, &isEqualExceptRef);
-    if (isEqualExceptRef) {
+    if (!imageURI) {
+      return false;
+    }
+
+    if (NS_SUCCEEDED(imageURI->EqualsExceptRef(docURI, &isEqualExceptRef)) &&
+        isEqualExceptRef) {
       // Prevent loading an internal resource.
       return true;
     }
   }
 
   // TODO(emilio, bug 1440442): This is a hackaround to avoid flickering due the
   // lack of non-http image caching in imagelib (bug 1406134), which causes
   // stuff like bug 1439285. Cleanest fix if that doesn't get fixed is bug