Bug 1173378 - crash in mozilla::net::HttpBaseChannel::OverrideSecurityInfo(nsISupports*), r=ehsan

2024-09-13 09:24:08 -07:00 · 2015-06-17 13:16:33 +02:00 · 2015-06-17 13:16:33 +02:00 · cd886ee3ff
commit cd886ee3ff
parent 23cae26e7c
3 changed files with 37 additions and 11 deletions
--- a/dom/fetch/ChannelInfo.cpp
+++ b/dom/fetch/ChannelInfo.cpp
@ -121,7 +121,10 @@ ChannelInfo::ResurrectInfoOnChannel(nsIChannel* aChannel)
    if (httpChannel) {
      net::HttpBaseChannel* httpBaseChannel =
        static_cast<net::HttpBaseChannel*>(httpChannel.get());
-      httpBaseChannel->OverrideURI(redirectedURI);
+      rv = httpBaseChannel->OverrideURI(redirectedURI);
+      if (NS_WARN_IF(NS_FAILED(rv))) {
+        return rv;
+      }
    } else {
      if (NS_WARN_IF(!jarChannel)) {
        return NS_ERROR_FAILURE;
--- a/netwerk/protocol/http/HttpBaseChannel.cpp
+++ b/netwerk/protocol/http/HttpBaseChannel.cpp
@ -1419,24 +1419,47 @@ HttpBaseChannel::SetRedirectionLimit(uint32_t value)
 nsresult
 HttpBaseChannel::OverrideSecurityInfo(nsISupports* aSecurityInfo)
 {
-  MOZ_RELEASE_ASSERT(!mSecurityInfo,
-                     "This can only be called when we don't have a security info object already");
+  MOZ_ASSERT(!mSecurityInfo,
+             "This can only be called when we don't have a security info object already");
  MOZ_RELEASE_ASSERT(aSecurityInfo,
                     "This can only be called with a valid security info object");
-  MOZ_RELEASE_ASSERT(ShouldIntercept(),
-                     "This can only be called on channels that can be intercepted");
+  MOZ_ASSERT(ShouldIntercept(),
+             "This can only be called on channels that can be intercepted");
+  if (mSecurityInfo) {
+    LOG(("HttpBaseChannel::OverrideSecurityInfo mSecurityInfo is null! "
+         "[this=%p]\n", this));
+    return NS_ERROR_UNEXPECTED;
+  }
+  if (!ShouldIntercept()) {
+    LOG(("HttpBaseChannel::OverrideSecurityInfo channel cannot be intercepted! "
+         "[this=%p]\n", this));
+    return NS_ERROR_UNEXPECTED;
+  }
+
  mSecurityInfo = aSecurityInfo;
  return NS_OK;
 }

-void
+nsresult
 HttpBaseChannel::OverrideURI(nsIURI* aRedirectedURI)
 {
-  MOZ_RELEASE_ASSERT(mLoadFlags & LOAD_REPLACE,
-                     "This can only happen if the LOAD_REPLACE flag is set");
-  MOZ_RELEASE_ASSERT(ShouldIntercept(),
-                     "This can only be called on channels that can be intercepted");
+  MOZ_ASSERT(mLoadFlags & LOAD_REPLACE,
+             "This can only happen if the LOAD_REPLACE flag is set");
+  MOZ_ASSERT(ShouldIntercept(),
+             "This can only be called on channels that can be intercepted");
+  if (!(mLoadFlags & LOAD_REPLACE)) {
+    LOG(("HttpBaseChannel::OverrideURI LOAD_REPLACE flag not set! [this=%p]\n",
+         this));
+    return NS_ERROR_UNEXPECTED;
+  }
+  if (!ShouldIntercept()) {
+    LOG(("HttpBaseChannel::OverrideURI channel cannot be intercepted! "
+         "[this=%p]\n", this));
+    return NS_ERROR_UNEXPECTED;
+  }
+
  mURI = aRedirectedURI;
+  return NS_OK;
 }

 NS_IMETHODIMP
--- a/netwerk/protocol/http/HttpBaseChannel.h
+++ b/netwerk/protocol/http/HttpBaseChannel.h
@ -249,7 +249,7 @@ public:
    const NetAddr& GetPeerAddr() { return mPeerAddr; }

    nsresult OverrideSecurityInfo(nsISupports* aSecurityInfo);
-    void OverrideURI(nsIURI* aRedirectedURI);
+    nsresult OverrideURI(nsIURI* aRedirectedURI);

 public: /* Necko internal use only... */
    bool IsNavigation();