Bug 1667977 - Safely return null if we fail to get a shared-mem block in Pointer::ToPtr. r=jwatt

Differential Revision: https://phabricator.services.mozilla.com/D108089

gfx/thebes/SharedFontList.cpp

@@ -45,7 +45,8 @@ void* Pointer::ToPtr(FontList* aFontList) const {
   // If the Pointer refers to a block we have not yet mapped in this process,
   // we first need to retrieve new block handle(s) from the parent and update
   // our mBlocks list.
-  if (block >= aFontList->mBlocks.Length()) {
+  auto& blocks = aFontList->mBlocks;
+  if (block >= blocks.Length()) {
     if (XRE_IsParentProcess()) {
       // Shouldn't happen! A content process tried to pass a bad Pointer?
       return nullptr;
@@ -61,9 +62,18 @@ void* Pointer::ToPtr(FontList* aFontList) const {
     if (!NS_IsMainThread() || !aFontList->UpdateShmBlocks()) {
       return nullptr;
     }
-    MOZ_ASSERT(block < aFontList->mBlocks.Length());
+    MOZ_ASSERT(block < blocks.Length(), "failure in UpdateShmBlocks?");
+    // This is wallpapering bug 1667977; it's unclear if we will always survive
+    // this, as the content process may be unable to shape/render text if all
+    // font lookups are failing.
+    // In at least some cases, however, this can occur transiently while the
+    // font list is being rebuilt by the parent; content will then be notified
+    // that the list has changed, and should refresh everything successfully.
+    if (block >= blocks.Length()) {
+      return nullptr;
+    }
   }
-  return static_cast<char*>(aFontList->mBlocks[block]->Memory()) + Offset();
+  return static_cast<char*>(blocks[block]->Memory()) + Offset();
 }
 
 void String::Assign(const nsACString& aString, FontList* aList) {