Bug 1251253 - prevent null pointer dereference of |aContext| in CacheStorageService::DoomStorageEntries. r=mayhemer
authorBogdan Postelnicu <bogdan.postelnicu@softvision.ro>
Thu, 25 Feb 2016 20:41:52 +0200
changeset 322135 b73632b2d7243de58d081c6cdc94dd2aa43e6162
parent 322134 cb43c67f89030fb0ee8e702e48bc78bcbc4c8d51
child 322136 6e6aaff5337b029bd945c8c90e87f094e1625814
push id5913
push userjlund@mozilla.com
push dateMon, 25 Apr 2016 16:57:49 +0000
treeherdermozilla-beta@dcaf0a6fa115 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersmayhemer
bugs1251253
milestone47.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 1251253 - prevent null pointer dereference of |aContext| in CacheStorageService::DoomStorageEntries. r=mayhemer MozReview-Commit-ID: BmXXg4eW25n
netwerk/cache2/CacheStorageService.cpp
--- a/netwerk/cache2/CacheStorageService.cpp
+++ b/netwerk/cache2/CacheStorageService.cpp
@@ -1794,25 +1794,29 @@ CacheStorageService::DoomStorageEntries(
         RemoveExactEntry(diskEntries, iter.Key(), entry, false);
       }
     }
   }
 
   {
     mozilla::MutexAutoLock lock(mForcedValidEntriesLock);
 
-    for (auto iter = mForcedValidEntries.Iter(); !iter.Done(); iter.Next()) {
-      bool matches;
-      DebugOnly<nsresult> rv = CacheFileUtils::KeyMatchesLoadContextInfo(
-        iter.Key(), aContext, &matches);
-      MOZ_ASSERT(NS_SUCCEEDED(rv));
+    if (aContext) {
+      for (auto iter = mForcedValidEntries.Iter(); !iter.Done(); iter.Next()) {
+        bool matches;
+        DebugOnly<nsresult> rv = CacheFileUtils::KeyMatchesLoadContextInfo(
+          iter.Key(), aContext, &matches);
+        MOZ_ASSERT(NS_SUCCEEDED(rv));
 
-      if (matches) {
-        iter.Remove();
+        if (matches) {
+          iter.Remove();
+        }
       }
+    } else {
+      mForcedValidEntries.Clear();
     }
   }
 
   // An artificial callback.  This is a candidate for removal tho.  In the new
   // cache any 'doom' or 'evict' function ensures that the entry or entries
   // being doomed is/are not accessible after the function returns.  So there is
   // probably no need for a callback - has no meaning.  But for compatibility
   // with the old cache that is still in the tree we keep the API similar to be