From cb8376ea0af23d326330804176adf79efb67da27 Mon Sep 17 00:00:00 2001
From: Shawn Wilsher
Date: Fri, 22 May 2009 19:08:29 -0400
Subject: [PATCH] Bug 494453 - Crash when accessing sessionStorage object from chrome.

This fixes a crash when accessing sessionStorage from a chrome window due to NS_InnermostURI getting called with a null URI (namely, the system principals URI which is null). r=bz sr=bz
---
 dom/src/storage/nsDOMStorage.cpp | 57 ++++++++++++++++++--------------
 1 file changed, 33 insertions(+), 24 deletions(-)

diff --git a/dom/src/storage/nsDOMStorage.cpp b/dom/src/storage/nsDOMStorage.cpp
index 22549fb4d79..6ef638e0e00 100644
--- a/dom/src/storage/nsDOMStorage.cpp
+++ b/dom/src/storage/nsDOMStorage.cpp
@@ -577,20 +577,40 @@ nsDOMStorage::~nsDOMStorage()
 nsDOMStorageManager::gStorageManager->RemoveFromStoragesHash(this);
 }
 
+static
+nsresult
+GetDomainURI(nsIPrincipal *aPrincipal, nsIURI **_domain)
+{
+ nsCOMPtr uri;
+ nsresult rv = aPrincipal->GetURI(getter_AddRefs(uri));
+ NS_ENSURE_SUCCESS(rv, rv);
+
+ // Check if we really got any URI. System principal doesn't return a URI
+ // instance and we would crash in NS_GetInnermostURI below.
+ if (!uri)
+ return NS_ERROR_NOT_AVAILABLE;
+
+ nsCOMPtr innerURI = NS_GetInnermostURI(uri);
+ if (!innerURI)
+ return NS_ERROR_UNEXPECTED;
+ innerURI.forget(_domain);
+
+ return NS_OK;
+}
+
 nsresult
 nsDOMStorage::InitAsSessionStorage(nsIPrincipal *aPrincipal)
 {
- nsresult rv;
-
- nsCOMPtr uri;
- rv = aPrincipal->GetURI(getter_AddRefs(uri));
+ nsCOMPtr domainURI;
+ nsresult rv = GetDomainURI(aPrincipal, getter_AddRefs(domainURI));
 NS_ENSURE_SUCCESS(rv, rv);
 
- nsCOMPtr innerUri = NS_GetInnermostURI(uri);
- if (!innerUri)
- return NS_ERROR_UNEXPECTED;
-
- innerUri->GetAsciiHost(mDomain);
+ // No need to check for a return value. If this would fail we would not get
+ // here as we call GetPrincipalURIAndHost (nsDOMStorage.cpp:88) from
+ // nsDOMStorage::CanUseStorage before we query the storage manager for a new
+ // sessionStorage. It calls GetAsciiHost on innermost URI. If it fails, we
+ // won't get to InitAsSessionStorage.
+ domainURI->GetAsciiHost(mDomain);
 
 #ifdef MOZ_STORAGE
 mUseDB = PR_FALSE;
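Review bot: The unchecked `domainURI->GetAsciiHost(mDomain);` in InitAsSessionStorage is justified by a new comment saying CanUseStorage always runs first, yet this commit exists because a system principal with no URI reached this function, so that gate evidently does not cover every caller. mDomain looks like the value session storage is keyed on (the local-storage comment in the second hunk says it is unused there), so a failed host lookup is better reported than carried forward: `rv = domainURI->GetAsciiHost(mDomain);` followed by `NS_ENSURE_SUCCESS(rv, rv);`. The same unchecked call stays in InitAsLocalStorage in the second hunk. GetDomainURI also dereferences aPrincipal unconditionally; if any caller can pass null (not visible here), `NS_ENSURE_ARG_POINTER(aPrincipal);` at its top would turn that into an error return. InitAsSessionStorage's body continues past the end of this hunk.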
@@ -603,31 +623,20 @@ nsDOMStorage::InitAsSessionStorage(nsIPrincipal *aPrincipal)
 nsresult
 nsDOMStorage::InitAsLocalStorage(nsIPrincipal *aPrincipal)
 {
- nsresult rv;
-
- nsCOMPtr uri;
- rv = aPrincipal->GetURI(getter_AddRefs(uri));
+ nsCOMPtr domainURI;
+ nsresult rv = GetDomainURI(aPrincipal, getter_AddRefs(domainURI));
 NS_ENSURE_SUCCESS(rv, rv);
 
- // Check if we really got any URI. System principal doesn't return a URI
- // instance and we would crash in NS_GetInnermostURI bellow.
- if (!uri)
- return NS_ERROR_NOT_AVAILABLE;
-
- nsCOMPtr innerUri = NS_GetInnermostURI(uri);
- if (!innerUri)
- return NS_ERROR_UNEXPECTED;
-
 // No need to check for a return value. If this would fail we would not get
 // here as we call GetPrincipalURIAndHost (nsDOMStorage.cpp:88) from
 // nsDOMStorage::CanUseStorage before we query the storage manager for a new
 // localStorage. It calls GetAsciiHost on innermost URI. If it fails, we won't
 // get to InitAsLocalStorage. Actually, mDomain will get replaced with
 // mPrincipal in bug 455070. It is not even used for localStorage.
- innerUri->GetAsciiHost(mDomain);
+ domainURI->GetAsciiHost(mDomain);
 
 #ifdef MOZ_STORAGE
- nsDOMStorageDBWrapper::CreateOriginScopeDBKey(innerUri, mScopeDBKey);
+ nsDOMStorageDBWrapper::CreateOriginScopeDBKey(domainURI, mScopeDBKey);
 // XXX Bug 357323, we have to solve the issue how to define
 // origin for file URLs. In that case CreateOriginScopeDBKey