Bug 1368327 - Do not assert aDocShell in Location, since it's actually possible to be nullptr. r?smaug draft
authorSamael Wang <freesamael@gmail.com>
Mon, 28 Aug 2017 17:12:47 +0800
changeset 654073 528843caaab1ec17548731a310247ff9f0f064cd
parent 653766 d10c97627b51a226e19d0fa801201897fe1932f6
child 728478 3f6970f9463073e79afce0f4c6826ea7f4517a2b
push id76478
push userbmo:sawang@mozilla.com
push dateMon, 28 Aug 2017 09:13:57 +0000
reviewerssmaug
bugs1368327
milestone57.0a1
Bug 1368327 - Do not assert aDocShell in Location, since it's actually possible to be nullptr. r?smaug MozReview-Commit-ID: ArqkI8TUf8r
dom/base/Location.cpp
dom/base/crashtests/1368327-iframe.html
dom/base/crashtests/1368327.html
dom/base/crashtests/crashtests.list
--- a/dom/base/Location.cpp
+++ b/dom/base/Location.cpp
@@ -37,19 +37,19 @@
 #include "mozilla/dom/ScriptSettings.h"
 
 namespace mozilla {
 namespace dom {
 
 Location::Location(nsPIDOMWindowInner* aWindow, nsIDocShell *aDocShell)
   : mInnerWindow(aWindow)
 {
-  MOZ_ASSERT(aDocShell);
   MOZ_ASSERT(mInnerWindow->IsInnerWindow());
 
+  // aDocShell can be null if it gets called after nsDocShell::Destory().
   mDocShell = do_GetWeakReference(aDocShell);
 }
 
 Location::~Location()
 {
 }
 
 // QueryInterface implementation for Location
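Review bot: The added comment in the constructor misspells the method name: `nsDocShell::Destory()` should read `nsDocShell::Destroy()`, otherwise a search for the function will not find this comment. With the assert removed, `mDocShell` can hold a null weak reference from construction onward, so every place that resolves it has to tolerate a null result. Those methods lie outside this hunk, so that cannot be confirmed from here. It would also help to state the nullable contract where the constructor is declared, for example `// aDocShell may be null if the docshell has already been destroyed.`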
new file mode 100644
--- /dev/null
+++ b/dom/base/crashtests/1368327-iframe.html
@@ -0,0 +1,10 @@
+<!DOCTYPE html>
+<html lang="en">
+  <head>
+    <meta charset="utf-8">
+    <title>iframe</title>
+  </head>
+  <body>
+    <p><h1>iframe</h1></p>
+  </body>
+</html>
new file mode 100644
--- /dev/null
+++ b/dom/base/crashtests/1368327.html
@@ -0,0 +1,24 @@
+<!DOCTYPE html>
+<html class="reftest-wait">
+  <head>
+    <meta charset="utf-8">
+    <title>Test window.location</title>
+    <script type="application/javascript">
+    function test() {
+      content = document.querySelector("#content");
+      testFrame = document.querySelector("#testframe");
+      frameWindow = testFrame.contentWindow;
+      testframe.remove();
+
+      // Shouldn't crash at this line.
+      content.textContent = "location=" + frameWindow.location;
+
+      document.documentElement.className = "";
+    }
+    </script>
+  </head>
+  <body>
+    <p id="content"></p>
+    <iframe id="testframe" src="1368327-iframe.html" onload="setTimeout(test, 0);"></iframe>
+  </body>
+</html>
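Review bot: `testframe.remove();` in test() uses a lower-case `testframe`, not the `testFrame` variable assigned two lines earlier. It presumably resolves only because the iframe's id is exposed as a named property on the window. Writing `testFrame.remove();` makes the test independent of that lookup. The assignments to `content`, `testFrame` and `frameWindow` also create implicit globals, so declaring them with `var` or `let` would keep the test from colliding with existing window properties.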
--- a/dom/base/crashtests/crashtests.list
+++ b/dom/base/crashtests/crashtests.list
@@ -205,16 +205,17 @@ load 1230422.html
 load 1251361.html
 load 1304437.html
 pref(dom.IntersectionObserver.enabled,true) load 1324209.html
 pref(dom.IntersectionObserver.enabled,true) load 1326194-1.html
 pref(dom.IntersectionObserver.enabled,true) load 1326194-2.html
 pref(dom.IntersectionObserver.enabled,true) load 1332939.html
 pref(dom.webcomponents.enabled,true) load 1341693.html
 pref(dom.IntersectionObserver.enabled,true) load 1353529.xul
+load 1368327.html
 pref(dom.IntersectionObserver.enabled,true) load 1369363.xul
 load 1370072.html
 pref(clipboard.autocopy,true) load 1370737.html
 pref(dom.IntersectionObserver.enabled,true) load 1370968.html
 load 1377826.html
 skip-if(stylo&&isDebugBuild&&winWidget) load structured_clone_container_throws.html # Bug 1383845
 HTTP(..) load xhr_abortinprogress.html
 load xhr_empty_datauri.html