Bug 319453, r=vladimir: Bounds check GetBlob, return NULL if 0 size.

storage/public/mozIStorageValueArray.idl

@@ -85,6 +85,8 @@ interface mozIStorageValueArray : nsISupports {
   double getDouble(in unsigned long aIndex);
   AUTF8String getUTF8String(in unsigned long aIndex);
   AString getString(in unsigned long aIndex);
+
+  // data will be NULL if dataSize = 0
   void getBlob(in unsigned long aIndex, out unsigned long aDataSize, [array,size_is(aDataSize)] out octet aData);
   boolean getIsNull(in unsigned long aIndex);
 

storage/src/mozStorageStatement.cpp

@@ -634,6 +634,12 @@ mozStorageStatement::GetBlob(PRUint32 aIndex, PRUint32 *aDataSize, PRUint8 **aDa
         return NS_ERROR_FAILURE;
 
     int blobsize = sqlite3_column_bytes (mDBStatement, aIndex);
+    if (blobsize == 0) {
+      // empty column
+      *aData = nsnull;
+      *aDataSize = 0;
+      return NS_OK;
+    }
     const void *blob = sqlite3_column_blob (mDBStatement, aIndex);
 
     void *blobcopy = nsMemory::Clone(blob, blobsize);