From 62f0bd3e332777e127394ca9c6f9d87ba5c75693 Mon Sep 17 00:00:00 2001 From: Nicholas Nethercote Date: Fri, 27 May 2016 09:49:25 +1000 Subject: [PATCH] Bug 1272203 (part 3) - Use NotNull in nsContentUtils::GetSurfaceData(). r=froydnj. This might not look compelling in isolation, but this use of NotNull would have prevented the null dereference crash in bug 1268721. --- dom/base/nsContentUtils.cpp | 8 +++++--- dom/base/nsContentUtils.h | 6 ++++-- widget/PuppetWidget.cpp | 2 +- widget/nsDragServiceProxy.cpp | 3 ++- 4 files changed, 12 insertions(+), 7 deletions(-) diff --git a/dom/base/nsContentUtils.cpp b/dom/base/nsContentUtils.cpp index 913e30445489..d47085f5da49 100644 --- a/dom/base/nsContentUtils.cpp +++ b/dom/base/nsContentUtils.cpp @@ -7424,7 +7424,8 @@ nsContentUtils::TransferableToIPCTransferable(nsITransferable* aTransferable, size_t length; int32_t stride; mozilla::UniquePtr surfaceData = - nsContentUtils::GetSurfaceData(dataSurface, &length, &stride); + nsContentUtils::GetSurfaceData(WrapNotNull(dataSurface), &length, + &stride); IPCDataTransferItem* item = aIPCDataTransfer->items().AppendElement(); item->flavor() = flavorStr; @@ -7528,8 +7529,9 @@ nsContentUtils::TransferableToIPCTransferable(nsITransferable* aTransferable, } mozilla::UniquePtr -nsContentUtils::GetSurfaceData(mozilla::gfx::DataSourceSurface* aSurface, - size_t* aLength, int32_t* aStride) +nsContentUtils::GetSurfaceData( + NotNull aSurface, + size_t* aLength, int32_t* aStride) { mozilla::gfx::DataSourceSurface::MappedSurface map; if (NS_WARN_IF(!aSurface->Map(mozilla::gfx::DataSourceSurface::MapType::READ, &map))) { diff --git a/dom/base/nsContentUtils.h b/dom/base/nsContentUtils.h index 3fe0027f920a..214b2ed1f445 100644 --- a/dom/base/nsContentUtils.h +++ b/dom/base/nsContentUtils.h @@ -32,6 +32,7 @@ #include "mozilla/FloatingPoint.h" #include "mozilla/net/ReferrerPolicy.h" #include "mozilla/Logging.h" +#include "mozilla/NotNull.h" #include "nsIContentPolicy.h" #if defined(XP_WIN) @@ -2432,8 +2433,9 @@ public: * Get the pixel data from the given source surface and return it as a buffer. * The length and stride will be assigned from the surface. */ - static mozilla::UniquePtr GetSurfaceData(mozilla::gfx::DataSourceSurface* aSurface, - size_t* aLength, int32_t* aStride); + static mozilla::UniquePtr GetSurfaceData( + mozilla::NotNull aSurface, + size_t* aLength, int32_t* aStride); // Helpers shared by the implementations of nsContentUtils methods and // nsIDOMWindowUtils methods. diff --git a/widget/PuppetWidget.cpp b/widget/PuppetWidget.cpp index b3f45b6dccce..c2a5a732a4de 100644 --- a/widget/PuppetWidget.cpp +++ b/widget/PuppetWidget.cpp @@ -990,7 +990,7 @@ PuppetWidget::SetCursor(imgIContainer* aCursor, size_t length; int32_t stride; mozilla::UniquePtr surfaceData = - nsContentUtils::GetSurfaceData(dataSurface, &length, &stride); + nsContentUtils::GetSurfaceData(WrapNotNull(dataSurface), &length, &stride); nsDependentCString cursorData(surfaceData.get(), length); mozilla::gfx::IntSize size = dataSurface->GetSize(); diff --git a/widget/nsDragServiceProxy.cpp b/widget/nsDragServiceProxy.cpp index 32946f7438a6..004b7648d296 100644 --- a/widget/nsDragServiceProxy.cpp +++ b/widget/nsDragServiceProxy.cpp @@ -55,7 +55,8 @@ nsDragServiceProxy::InvokeDragSessionImpl(nsISupportsArray* aArrayTransferables, size_t length; int32_t stride; mozilla::UniquePtr surfaceData = - nsContentUtils::GetSurfaceData(dataSurface, &length, &stride); + nsContentUtils::GetSurfaceData(WrapNotNull(dataSurface), &length, + &stride); nsDependentCString dragImage(surfaceData.get(), length); mozilla::Unused <<