commit 612ae46e1344327c495cec13fd756807c22ff826 Author: Kathy Brade brade@pearlcrescent.com Date: Thu Jun 18 13:38:35 2015 -0400
fixup! Bug 12827: Create preference to disable SVG.
If an <object> is used to load an SVG from a .xml file, avoid dereferencing null pointers when script elements are created as generic elements (i.e., when svg.in-content.enabled=false). Fixes ticket #16397.
---
 content/xml/document/src/nsXMLContentSink.cpp | 12 +++++++++---
 content/xml/document/src/nsXMLFragmentContentSink.cpp | 4 ++--
 dom/xslt/xslt/txMozillaXMLOutput.cpp | 15 ++++++++-------
 parser/html/nsHtml5TreeOpExecutor.cpp | 2 ++
 4 files changed, 21 insertions(+), 12 deletions(-)
diff --git a/content/xml/document/src/nsXMLContentSink.cpp b/content/xml/document/src/nsXMLContentSink.cpp
index 104d80a..57ee45a 100644
--- a/content/xml/document/src/nsXMLContentSink.cpp
+++ b/content/xml/document/src/nsXMLContentSink.cpp
@@ -471,8 +471,10 @@ nsXMLContentSink::CreateElement(const char16_t** aAtts, uint32_t aAttsCount,
 || aNodeInfo->Equals(nsGkAtoms::script, kNameSpaceID_SVG)
 ) {
 nsCOMPtr<nsIScriptElement> sele = do_QueryInterface(content);
- sele->SetScriptLineNumber(aLineNumber);
- sele->SetCreatorParser(GetParser());
+ if (sele) {
+ sele->SetScriptLineNumber(aLineNumber);
+ sele->SetCreatorParser(GetParser());
+ }
 mConstrainSize = false;
 }
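Review bot: The new `if (sele)` guard in CreateElement carries no comment saying why a node that matched `nsGkAtoms::script` can fail the QueryInterface, so a later cleanup may take it for dead code and remove it. A one-line comment above the guard would record the reason given in the commit message, e.g. `// sele is null when svg.in-content.enabled=false and the SVG <script> was created as a generic element`. The same comment is missing at the guards added in CloseElement and in nsXMLFragmentContentSink.cpp, txMozillaXMLOutput.cpp and nsHtml5TreeOpExecutor.cpp. Note also that `mConstrainSize = false;` still runs on the null path; whether that is intended for a generic element cannot be judged from this hunk, since CreateElement starts and ends outside it.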
@@ -554,13 +556,17 @@ nsXMLContentSink::CloseElement(nsIContent* aContent)
 nsCOMPtr<nsIScriptElement> sele = do_QueryInterface(aContent);
if (mPreventScriptExecution) {
- sele->PreventExecution();
+ if (sele)
+ sele->PreventExecution();
 return NS_OK;
 }
// Always check the clock in nsContentSink right after a script
 StopDeflecting();
+ if (!sele)
+ return NS_OK;
+
 // Now tell the script that it's ready to go. This may execute the script
 // or return true, or neither if the script doesn't need executing.
 bool block = sele->AttemptToExecute();
diff --git a/content/xml/document/src/nsXMLFragmentContentSink.cpp b/content/xml/document/src/nsXMLFragmentContentSink.cpp
index 738a769..29dd1a3 100644
--- a/content/xml/document/src/nsXMLFragmentContentSink.cpp
+++ b/content/xml/document/src/nsXMLFragmentContentSink.cpp
@@ -229,8 +229,8 @@ nsXMLFragmentContentSink::CloseElement(nsIContent* aContent)
 if (mPreventScriptExecution && aContent->Tag() == nsGkAtoms::script &&
 (aContent->IsHTML() || aContent->IsSVG())) {
 nsCOMPtr<nsIScriptElement> sele = do_QueryInterface(aContent);
- NS_ASSERTION(sele, "script did QI correctly!");
- sele->PreventExecution();
+ if (sele)
+ sele->PreventExecution();
 }
 return NS_OK;
 }
diff --git a/dom/xslt/xslt/txMozillaXMLOutput.cpp b/dom/xslt/xslt/txMozillaXMLOutput.cpp
index 6b95345..45b8579 100644
--- a/dom/xslt/xslt/txMozillaXMLOutput.cpp
+++ b/dom/xslt/xslt/txMozillaXMLOutput.cpp
@@ -299,13 +299,14 @@ txMozillaXMLOutput::endElement()
 } else if ((ns == kNameSpaceID_XHTML || ns == kNameSpaceID_SVG) &&
 localName == nsGkAtoms::script) {
 nsCOMPtr<nsIScriptElement> sele = do_QueryInterface(element);
- NS_ABORT_IF_FALSE(sele, "script elements need to implement nsIScriptElement");
- bool block = sele->AttemptToExecute();
- // If the act of insertion evaluated the script, we're fine.
- // Else, add this script element to the array of loading scripts.
- if (block) {
- rv = mNotifier->AddScriptElement(sele);
- NS_ENSURE_SUCCESS(rv, rv);
+ if (sele) {
+ bool block = sele->AttemptToExecute();
+ // If the act of insertion evaluated the script, we're fine.
+ // Else, add this script element to the array of loading scripts.
+ if (block) {
+ rv = mNotifier->AddScriptElement(sele);
+ NS_ENSURE_SUCCESS(rv, rv);
+ }
 }
 } else if (ns == kNameSpaceID_XHTML &&
 (localName == nsGkAtoms::input || 
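Review bot: The guards added to nsXMLContentSink::CloseElement are unbraced (`if (sele)` followed by `sele->PreventExecution();`, and `if (!sele)` followed by `return NS_OK;`), while the guard added to CreateElement in the same file uses braces. Unbraced single-statement guards around a null check are easy to break when a second statement is added later; I would write `if (!sele) { return NS_OK; }` and brace the `PreventExecution()` call the same way. The unbraced form recurs in the nsXMLFragmentContentSink.cpp hunk and in the RunScript hunk of nsHtml5TreeOpExecutor.cpp. CloseElement begins and continues outside this hunk.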
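Review bot: Replacing `NS_ASSERTION(sele, "script did QI correctly!")` with a silent `if (sele)` in nsXMLFragmentContentSink::CloseElement also drops the debug check for HTML script elements, which, judging by the commit message (it names only the SVG preference), are presumably never created as generic elements. The condition above the guard accepts both `aContent->IsHTML()` and `aContent->IsSVG()`, so the assertion could be kept for the HTML case: `NS_ASSERTION(sele || !aContent->IsHTML(), "script did QI correctly!");`. The txMozillaXMLOutput.cpp hunk removes `NS_ABORT_IF_FALSE` the same way; there the equivalent would be `NS_ABORT_IF_FALSE(sele || ns == kNameSpaceID_SVG, "script elements need to implement nsIScriptElement");`. With both checks kept, a regression that makes a real script element fail the QueryInterface would still be reported in debug builds instead of the script handling being skipped silently.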
diff --git a/parser/html/nsHtml5TreeOpExecutor.cpp b/parser/html/nsHtml5TreeOpExecutor.cpp
index 6c52e5f..fb377bd 100644
--- a/parser/html/nsHtml5TreeOpExecutor.cpp
+++ b/parser/html/nsHtml5TreeOpExecutor.cpp
@@ -636,6 +636,8 @@ nsHtml5TreeOpExecutor::RunScript(nsIContent* aScriptElement)
NS_ASSERTION(aScriptElement, "No script to run");
 nsCOMPtr<nsIScriptElement> sele = do_QueryInterface(aScriptElement);
+ if (!sele)
+ return;
if (!mParser) {
 NS_ASSERTION(sele->IsMalformed(), "Script wasn't marked as malformed.");