Bug 1720280: Avoid NullPtr deref in ImageBlocker::ShouldLoad. r=smaug

Differential Revision: https://phabricator.services.mozilla.com/D132923
2021-12-09 12:09:40 +00:00 · 2021-12-09 12:09:40 +00:00 · 42a0c93ddc
--- a/image/ImageBlocker.cpp
+++ b/image/ImageBlocker.cpp
@ -20,12 +20,18 @@ ImageBlocker::ShouldLoad(nsIURI* aContentLocation, nsILoadInfo* aLoadInfo,

  *aShouldLoad = nsIContentPolicy::ACCEPT;

-  // we only want to check http, https, ftp
+  if (!aContentLocation) {
+    // Bug 1720280: Ideally we should block the load, but to avoid a potential
+    // null pointer deref, we return early in this case. Please note that
+    // the ImageBlocker only applies about http/https loads anyway.
+    return NS_OK;
+  }
+
+  // we only want to check http, https
  // for chrome:// and resources and others, no need to check.
  nsAutoCString scheme;
  aContentLocation->GetScheme(scheme);
-  if (!scheme.LowerCaseEqualsLiteral("ftp") &&
-      !scheme.LowerCaseEqualsLiteral("http") &&
+  if (!scheme.LowerCaseEqualsLiteral("http") &&
      !scheme.LowerCaseEqualsLiteral("https")) {
    return NS_OK;
  }