Bug 920725 - Return with error in nsHtml5StreamParser::WriteStreamBytes if mLastBuffer is null. r=hsivonen
authorSteve Workman <sworkman@mozilla.com>
Wed, 16 Oct 2013 11:16:36 -0400
changeset 165731 08a84b46802138ec218dea333ae2e0ff8b4be7e4
parent 165730 60185e9edfd42d2d98d8252cb14b78b7e7ce2170
child 165732 d0139a74ac0356b78b455bfe224e2b2035c412fe
push id428
push userbbajaj@mozilla.com
push dateTue, 28 Jan 2014 00:16:25 +0000
treeherdermozilla-release@cd72a7ff3a75 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewershsivonen
bugs920725
milestone27.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 920725 - Return with error in nsHtml5StreamParser::WriteStreamBytes if mLastBuffer is null. r=hsivonen
parser/html/nsHtml5StreamParser.cpp
--- a/parser/html/nsHtml5StreamParser.cpp
+++ b/parser/html/nsHtml5StreamParser.cpp
@@ -794,18 +794,23 @@ nsHtml5StreamParser::SniffStreamBytes(co
 }
 
 nsresult
 nsHtml5StreamParser::WriteStreamBytes(const uint8_t* aFromSegment,
                                       uint32_t aCount,
                                       uint32_t* aWriteCount)
 {
   NS_ASSERTION(IsParserThread(), "Wrong thread!");
-  // mLastBuffer always points to a buffer of the size
+  // mLastBuffer should always point to a buffer of the size
   // NS_HTML5_STREAM_PARSER_READ_BUFFER_SIZE.
+  if (!mLastBuffer) {
+    NS_WARNING("mLastBuffer should not be null!");
+    MarkAsBroken();
+    return NS_ERROR_NULL_POINTER;
+  }
   if (mLastBuffer->getEnd() == NS_HTML5_STREAM_PARSER_READ_BUFFER_SIZE) {
     nsRefPtr<nsHtml5OwningUTF16Buffer> newBuf =
       nsHtml5OwningUTF16Buffer::FalliblyCreate(
         NS_HTML5_STREAM_PARSER_READ_BUFFER_SIZE);
     if (!newBuf) {
       return NS_ERROR_OUT_OF_MEMORY;
     }
     mLastBuffer = (mLastBuffer->next = newBuf.forget());