Bug 328755 - Fix the ConvertAndWrite crash. r=bz
authorJames Kitchener <jkitch.bug@gmail.com>
Tue, 18 Feb 2014 09:57:44 -0500
changeset 169669 b95d0fb140264ad21beb8bcf91f590ab1122bc02
parent 169668 6f1e6f7d3041bc1da91f1814497a71366a9bdbc3
child 169670 940b00462eb765491c176727f08c59b14f82a450
push id270
push userpvanderbeken@mozilla.com
push dateThu, 06 Mar 2014 09:24:21 +0000
reviewersbz
bugs328755
milestone30.0a1
Bug 328755 - Fix the ConvertAndWrite crash. r=bz
content/base/src/nsDocumentEncoder.cpp
--- a/content/base/src/nsDocumentEncoder.cpp
+++ b/content/base/src/nsDocumentEncoder.cpp
@@ -554,16 +554,22 @@ ConvertAndWrite(const nsAString& aString
   const char16_t* unicodeBuf = flat.get();
   int32_t unicodeLength = aString.Length();
   int32_t startLength = unicodeLength;
 
   rv = aEncoder->GetMaxLength(unicodeBuf, unicodeLength, &charLength);
   startCharLength = charLength;
   NS_ENSURE_SUCCESS(rv, rv);
 
+  if (!charLength) {
+    // Nothing to write.  Besides, a length 0 string has an immutable buffer, so
+    // attempts to null-terminate it will crash.
+    return NS_OK;
+  }
+
   nsAutoCString charXferString;
   if (!charXferString.SetLength(charLength, fallible_t()))
     return NS_ERROR_OUT_OF_MEMORY;
 
   char* charXferBuf = charXferString.BeginWriting();
   nsresult convert_rv = NS_OK;
 
   do {
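Review bot: The new guard `if (!charLength)` only catches an exact zero, so a negative length reported by `GetMaxLength` would still reach `charXferString.SetLength(charLength, fallible_t())`. charLength looks like a signed 32-bit value, but it is declared outside the hunk, so confirm this. Because the call is fallible, this would most likely surface as NS_ERROR_OUT_OF_MEMORY rather than a bad write, which is a misleading result for a bogus encoder length. Consider rejecting it explicitly just before the zero check, e.g. `if (charLength < 0) return NS_ERROR_UNEXPECTED;`. The added comment could also say that the null-termination it mentions presumably happens in the write loop starting at `do {`, whose body, like the start and end of ConvertAndWrite, lies outside this hunk.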