From 42a0c93ddc442b0fbd32e03c5f9bd36599b83981 Mon Sep 17 00:00:00 2001
From: Christoph Kerschbaumer <ckerschb@christophkerschbaumer.com>
Date: Thu, 9 Dec 2021 12:09:40 +0000
Subject: [PATCH] Bug 1720280: Avoid NullPtr deref in ImageBlocker::ShouldLoad.
 r=smaug

Differential Revision: https://phabricator.services.mozilla.com/D132923
---
 image/ImageBlocker.cpp | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)

diff --git a/image/ImageBlocker.cpp b/image/ImageBlocker.cpp
index b9684d99f27b..eee07589f744 100644
--- a/image/ImageBlocker.cpp
+++ b/image/ImageBlocker.cpp
@@ -20,12 +20,18 @@ ImageBlocker::ShouldLoad(nsIURI* aContentLocation, nsILoadInfo* aLoadInfo,
 
   *aShouldLoad = nsIContentPolicy::ACCEPT;
 
-  // we only want to check http, https, ftp
+  if (!aContentLocation) {
+    // Bug 1720280: Ideally we should block the load, but to avoid a potential
+    // null pointer deref, we return early in this case. Please note that
+    // the ImageBlocker only applies about http/https loads anyway.
+    return NS_OK;
+  }
+
+  // we only want to check http, https
   // for chrome:// and resources and others, no need to check.
   nsAutoCString scheme;
   aContentLocation->GetScheme(scheme);
-  if (!scheme.LowerCaseEqualsLiteral("ftp") &&
-      !scheme.LowerCaseEqualsLiteral("http") &&
+  if (!scheme.LowerCaseEqualsLiteral("http") &&
       !scheme.LowerCaseEqualsLiteral("https")) {
     return NS_OK;
   }