Bug 1464194 - don't crash in ContentParent::RecvAllocateLayerTreeId if the content parent ID doesn't exist; r?jimm
MozReview-Commit-ID: FQxcTj3phIV
--- a/dom/ipc/ContentParent.cpp
+++ b/dom/ipc/ContentParent.cpp
@@ -1594,17 +1594,18 @@ mozilla::ipc::IPCResult
ContentParent::RecvAllocateLayerTreeId(const ContentParentId& aCpId,
const TabId& aTabId, layers::LayersId* aId)
{
// Protect against spoofing by a compromised child. aCpId must either
// correspond to the process that this ContentParent represents or be a
// child of it.
ContentProcessManager* cpm = ContentProcessManager::GetSingleton();
RefPtr<ContentParent> contentParent = cpm->GetContentProcessById(aCpId);
- if (ChildID() != aCpId && !contentParent->CanCommunicateWith(ChildID())) {
+ if (!contentParent ||
+ (ChildID() != aCpId && !contentParent->CanCommunicateWith(ChildID()))) {
return IPC_FAIL_NO_REASON(this);
}
// GetTopLevelTabParentByProcessAndTabId will make sure that aTabId
// lives in the process for aCpId.
RefPtr<TabParent> browserParent =
cpm->GetTopLevelTabParentByProcessAndTabId(aCpId, aTabId);
MOZ_ASSERT(contentParent && browserParent);
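Review bot: `browserParent` is still checked only by `MOZ_ASSERT(contentParent && browserParent)` on the last line of the hunk, which is compiled out of release builds, while `aTabId` comes from the same child message as `aCpId`. If `GetTopLevelTabParentByProcessAndTabId` can return null for a tab ID that does not belong to that process, a release build carries a null `RefPtr` into the rest of the function. The rest of the body is outside this hunk, so whether it dereferences the pointer cannot be confirmed from here. I would fail the message the same way the new `contentParent` check does, with `if (!browserParent) { return IPC_FAIL_NO_REASON(this); }` before the assert. The `contentParent` term in the assert is then redundant, since the early return above already guarantees it is non-null.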