Created attachment 8601238 [details] test (crashes Firefox) The attachment will crash Firefox with a null pointer dereference if the Font Loading API is enabled (as it is currently on Nightly/Aurora).
This is because we're parsing the font descriptor values passing null for the sheet URI. The sheet URI gets stored in the URLValue, and then copied into the gfxFontFaceSrc object, where its operator== assumes that it is non-null.
Created attachment 8601252 [details] [diff] [review] patch
Comment on attachment 8601252 [details] [diff] [review] patch Maybe call the variable docURI instead of just uri? r=dbaron