From f2679e0b874303a63e8d07712c00e0d7ba5b8bb6 Mon Sep 17 00:00:00 2001
From: "timeless%mozdev.org" <timeless%mozdev.org>
Date: Wed, 6 Jul 2005 17:47:27 +0000
Subject: [PATCH] Bug 283533 OOM crash [@ XPCIDispatchClassInfo::GetInterfaces]
 patch by b.jacques@planet.nl r=shaver sr=shaver a=bsmedberg

---
 js/src/xpconnect/src/XPCIDispatchClassInfo.cpp | 14 ++++++++++----
 1 file changed, 10 insertions(+), 4 deletions(-)

diff --git a/js/src/xpconnect/src/XPCIDispatchClassInfo.cpp b/js/src/xpconnect/src/XPCIDispatchClassInfo.cpp
index a93a253fa54..0654c1784dc 100644
--- a/js/src/xpconnect/src/XPCIDispatchClassInfo.cpp
+++ b/js/src/xpconnect/src/XPCIDispatchClassInfo.cpp
@@ -64,14 +64,20 @@ void XPCIDispatchClassInfo::FreeSingleton()
 NS_IMETHODIMP 
 XPCIDispatchClassInfo::GetInterfaces(PRUint32 *count, nsIID * **array)
 {
-    *count = 1;
-    *array = NS_STATIC_CAST(nsIID**, nsMemory::Alloc(1 * sizeof(nsIID*)));
-    if(!*array)
-        return NS_ERROR_OUT_OF_MEMORY;
+    *count = 0;
+    *array = NS_STATIC_CAST(nsIID**, nsMemory::Alloc(sizeof(nsIID*)));
+    NS_ENSURE_TRUE(*array, NS_ERROR_OUT_OF_MEMORY);
 
     **array = NS_STATIC_CAST(nsIID *, nsMemory::Clone(&NSID_IDISPATCH,
                                                       sizeof(NSID_IDISPATCH)));
+    if(!**array)
+    {
+        nsMemory::Free(*array);
+        *array = nsnull;
+        return NS_ERROR_OUT_OF_MEMORY;
+    }
 
+    *count = 1;
     return NS_OK;
 }