Bug 936969 - Make sure to null check the return value of GetFrameElementInternal(). r=bholley, a=bajaj
authorOlli Pettay <Olli.Pettay@helsinki.fi>
Mon, 11 Nov 2013 18:56:45 +0200
changeset 167458 8a8ece0bcb6c942a179d44b72cd93eac14011c84
parent 167457 51d2d426632146032eb7c2d14ef058004bb6bbee
child 167459 892e1ac9862fb1bc6022ac2b302177639a7fb8cc
push id428
push userbbajaj@mozilla.com
push dateTue, 28 Jan 2014 00:16:25 +0000
treeherdermozilla-release@cd72a7ff3a75 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersbholley, bajaj
bugs936969
milestone27.0a2
Bug 936969 - Make sure to null check the return value of GetFrameElementInternal(). r=bholley, a=bajaj
dom/base/WindowNamedPropertiesHandler.cpp
--- a/dom/base/WindowNamedPropertiesHandler.cpp
+++ b/dom/base/WindowNamedPropertiesHandler.cpp
@@ -58,18 +58,19 @@ ShouldExposeChildWindow(nsString& aNameB
   // rely on their cross-origin subframes setting window.name to a known value,
   // which is unlikely to be very common. And while it does introduce a
   // dependency on cross-origin state when doing global lookups, it doesn't
   // allow the child to arbitrarily pollute the parent namespace, and requires
   // cross-origin communication only in a limited set of cases that can be
   // computed independently by the parent.
   nsCOMPtr<nsPIDOMWindow> piWin = do_QueryInterface(aChild);
   NS_ENSURE_TRUE(piWin, false);
-  return piWin->GetFrameElementInternal()->AttrValueIs(kNameSpaceID_None, nsGkAtoms::name,
-                                                       aNameBeingResolved, eCaseMatters);
+  Element* e = piWin->GetFrameElementInternal();
+  return e && e->AttrValueIs(kNameSpaceID_None, nsGkAtoms::name,
+                             aNameBeingResolved, eCaseMatters);
 }
 
 bool
 WindowNamedPropertiesHandler::getOwnPropertyDescriptor(JSContext* aCx,
                                                        JS::Handle<JSObject*> aProxy,
                                                        JS::Handle<jsid> aId,
                                                        JS::MutableHandle<JSPropertyDescriptor> aDesc,
                                                        unsigned aFlags)