Bug 1517275 - Add a null check before trying to use a controller. r=botond

In test code (which is where this codepath is mostly exercised), the controller should never be null here. However this codepath is sadly also used in production code on Android, and there we might experience a page navigation or a similarly destructive action while the flush is inflight. That can result in a null pointer dereference. Differential Revision: https://phabricator.services.mozilla.com/D15597 --HG-- extra : moz-landing-system : lando
2019-01-03 02:54:35 +00:00 · 2019-01-03 02:54:35 +00:00 · 7c95c21247
--- a/gfx/layers/apz/src/APZCTreeManager.cpp
+++ b/gfx/layers/apz/src/APZCTreeManager.cpp
@ -1130,10 +1130,17 @@ static bool WillHandleInput(const PanGestureOrScrollWheelInput& aPanInput) {
  APZCTM_LOG("Flushing repaints for layers id 0x%" PRIx64 "\n",
             uint64_t(aLayersId));
  RefPtr<GeckoContentController> controller = GetContentController(aLayersId);
+#ifndef MOZ_WIDGET_ANDROID
+  // On Android, this code is run in production and may actually get a nullptr
+  // controller here. On other platforms this code is test-only and should never
+  // get a nullptr.
  MOZ_ASSERT(controller);
-  controller->DispatchToRepaintThread(NewRunnableMethod(
-      "layers::GeckoContentController::NotifyFlushComplete", controller,
-      &GeckoContentController::NotifyFlushComplete));
+#endif
+  if (controller) {
+    controller->DispatchToRepaintThread(NewRunnableMethod(
+        "layers::GeckoContentController::NotifyFlushComplete", controller,
+        &GeckoContentController::NotifyFlushComplete));
+  }
 }

 nsEventStatus APZCTreeManager::ReceiveInputEvent(