287504 - null pointer dereference [@ nsCSSCompressedDataBlock::MapRuleInfoInto]

Status: RESOLVED FIXED

(Core :: CSS Parsing and Computation, defect, P2)

Description

[David Baron :dbaron: (⌚️UTC-4, no longer working on Mozilla)]

There are null pointer dereferences showing up in talkback as
nsCSSCompressedDataBlock::MapRuleInfoInto where the problem is that the
nsCSSCompressedDataBlock in question is null, and it's called from
CSSImportantRule::MapRuleInfoInto.  This bug covers ONLY THOSE CRASHES.

I've been thinking about why this could happen.  The only possibility I've found
so far is that on some out-of-memory cases we'll leave a changed style rule
present even though they're supposed to be immutable.  In these cases, it might
still have an important rule even though it's no longer supposed to.

Comment 1

[David Baron :dbaron: (⌚️UTC-4, no longer working on Mozilla)]

Attachment: null check for potential OOM crasher

This also has a little cleanup of GetImportantRule, such that it would also fix
the crash if there were a logic problem that would cause the assertion that I
added to fire.

Comment 2

[Boris Zbarsky [:bzbarsky]]

Comment on attachment 178447 [details] [diff] [review]
null check for potential OOM crasher

r+sr=bzbarsky

Comment 3

[David Baron :dbaron: (⌚️UTC-4, no longer working on Mozilla)]

Checked in 2005-03-24 20:09 -0800.  Optimistically marking fixed.