Bug 920725 - Return with error in nsHtml5StreamParser::WriteStreamBytes if mLastBuffer is null. r=hsivonen, a=akeybl
authorSteve Workman <sworkman@mozilla.com>
Wed, 16 Oct 2013 11:16:36 -0400
changeset 160728 ef0f77bda0be84a1ca353507666b104ccd0fefe4
parent 160727 420a47d418ec92e81efc45d3de3516c619b62d7d
child 160729 ab9457c487435f7a342f50d7550169aceb2b7898
push id2961
push userlsblakk@mozilla.com
push dateMon, 28 Oct 2013 21:59:28 +0000
treeherdermozilla-beta@73ef4f13486f [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewershsivonen, akeybl
bugs920725
milestone26.0a2
Bug 920725 - Return with error in nsHtml5StreamParser::WriteStreamBytes if mLastBuffer is null. r=hsivonen, a=akeybl
parser/html/nsHtml5StreamParser.cpp
--- a/parser/html/nsHtml5StreamParser.cpp
+++ b/parser/html/nsHtml5StreamParser.cpp
@@ -794,18 +794,23 @@ nsHtml5StreamParser::SniffStreamBytes(co
 }
 
 nsresult
 nsHtml5StreamParser::WriteStreamBytes(const uint8_t* aFromSegment,
                                       uint32_t aCount,
                                       uint32_t* aWriteCount)
 {
   NS_ASSERTION(IsParserThread(), "Wrong thread!");
-  // mLastBuffer always points to a buffer of the size
+  // mLastBuffer should always point to a buffer of the size
   // NS_HTML5_STREAM_PARSER_READ_BUFFER_SIZE.
+  if (!mLastBuffer) {
+    NS_WARNING("mLastBuffer should not be null!");
+    MarkAsBroken();
+    return NS_ERROR_NULL_POINTER;
+  }
   if (mLastBuffer->getEnd() == NS_HTML5_STREAM_PARSER_READ_BUFFER_SIZE) {
     nsRefPtr<nsHtml5OwningUTF16Buffer> newBuf =
       nsHtml5OwningUTF16Buffer::FalliblyCreate(
         NS_HTML5_STREAM_PARSER_READ_BUFFER_SIZE);
     if (!newBuf) {
       return NS_ERROR_OUT_OF_MEMORY;
     }
     mLastBuffer = (mLastBuffer->next = newBuf.forget());