Bug 336983 OOM crash [@ ConvertHTMLtoUCS2] unicodeData Pointer allocated by nsMemory::Alloc dereferenced without NULL check

r=bz sr=bz
2006-05-11 13:24:42 +00:00 · 2006-05-11 13:24:42 +00:00 · 5327b587c9
--- a/widget/src/gtk2/nsClipboard.cpp
+++ b/widget/src/gtk2/nsClipboard.cpp
@ -625,7 +625,7 @@ void ConvertHTMLtoUCS2(guchar * data, PRInt32 dataLength,
        *unicodeData = NS_REINTERPRET_CAST(PRUnichar*,
                       nsMemory::Alloc((outUnicodeLen + sizeof('\0')) *
                       sizeof(PRUnichar)));
-        if (unicodeData) {
+        if (*unicodeData) {
            memcpy(*unicodeData, data + sizeof(PRUnichar),
                   outUnicodeLen * sizeof(PRUnichar));
            (*unicodeData)[outUnicodeLen] = '\0';
@ -662,7 +662,7 @@ void ConvertHTMLtoUCS2(guchar * data, PRInt32 dataLength,
            *unicodeData = NS_REINTERPRET_CAST(PRUnichar*,
                           nsMemory::Alloc((outUnicodeLen + sizeof('\0')) *
                           sizeof(PRUnichar)));
-            if (unicodeData) {
+            if (*unicodeData) {
                PRInt32 numberTmp = dataLength;
                decoder->Convert((const char *)data, &numberTmp,
                                 *unicodeData, &outUnicodeLen);