Bug 1454140: Invalid URLs with ref also exist. r?heycam
MozReview-Commit-ID: HsH3ERcTeLm
new file mode 100644
--- /dev/null
+++ b/layout/style/crashtests/1454140.html
@@ -0,0 +1,4 @@
+<!-- A -->
+<table background="
+#"><base href=Y:
+<!-- A -->
--- a/layout/style/crashtests/crashtests.list
+++ b/layout/style/crashtests/crashtests.list
@@ -267,8 +267,9 @@ load 1418059.html
test-pref(dom.animations-api.core.enabled,true) load 1418867.html
pref(dom.webcomponents.shadowdom.enabled,true) load 1419554.html
load 1426312.html
load 1439793.html
load 1409183.html
pref(dom.webcomponents.shadowdom.enabled,true) load 1445682.html
load 1450691.html
pref(dom.webcomponents.shadowdom.enabled,true) load 1453206.html
+load 1454140.html
--- a/layout/style/nsStyleStruct.cpp
+++ b/layout/style/nsStyleStruct.cpp
@@ -2170,18 +2170,22 @@ nsStyleImageRequest::Resolve(
mResolved = true;
nsIDocument* doc = aPresContext->Document();
nsIURI* docURI = doc->GetDocumentURI();
if (GetImageValue()->HasRef()) {
bool isEqualExceptRef = false;
RefPtr<nsIURI> imageURI = GetImageURI();
- imageURI->EqualsExceptRef(docURI, &isEqualExceptRef);
- if (isEqualExceptRef) {
+ if (!imageURI) {
+ return false;
+ }
+
+ if (NS_SUCCEEDED(imageURI->EqualsExceptRef(docURI, &isEqualExceptRef)) &&
+ isEqualExceptRef) {
// Prevent loading an internal resource.
return true;
}
}
// TODO(emilio, bug 1440442): This is a hackaround to avoid flickering due the
// lack of non-http image caching in imagelib (bug 1406134), which causes
// stuff like bug 1439285. Cleanest fix if that doesn't get fixed is bug