Bug 1251253 - prevent null pointer dereference of |aContext| in CacheStorageService::DoomStorageEntries. r?mayhemer
MozReview-Commit-ID: BmXXg4eW25n
--- a/netwerk/cache2/CacheStorageService.cpp
+++ b/netwerk/cache2/CacheStorageService.cpp
@@ -1794,25 +1794,29 @@ CacheStorageService::DoomStorageEntries(
RemoveExactEntry(diskEntries, iter.Key(), entry, false);
}
}
}
{
mozilla::MutexAutoLock lock(mForcedValidEntriesLock);
- for (auto iter = mForcedValidEntries.Iter(); !iter.Done(); iter.Next()) {
- bool matches;
- DebugOnly<nsresult> rv = CacheFileUtils::KeyMatchesLoadContextInfo(
- iter.Key(), aContext, &matches);
- MOZ_ASSERT(NS_SUCCEEDED(rv));
+ if (aContext) {
+ for (auto iter = mForcedValidEntries.Iter(); !iter.Done(); iter.Next()) {
+ bool matches;
+ DebugOnly<nsresult> rv = CacheFileUtils::KeyMatchesLoadContextInfo(
+ iter.Key(), aContext, &matches);
+ MOZ_ASSERT(NS_SUCCEEDED(rv));
- if (matches) {
- iter.Remove();
+ if (matches) {
+ iter.Remove();
+ }
}
+ } else {
+ mForcedValidEntries.Clear();
}
}
// An artificial callback. This is a candidate for removal tho. In the new
// cache any 'doom' or 'evict' function ensures that the entry or entries
// being doomed is/are not accessible after the function returns. So there is
// probably no need for a callback - has no meaning. But for compatibility
// with the old cache that is still in the tree we keep the API similar to be
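Review bot: In the new `if (aContext)` loop, `bool matches;` is still declared without an initializer, and the result of `CacheFileUtils::KeyMatchesLoadContextInfo` is checked only through `DebugOnly`/`MOZ_ASSERT`, so a failing call goes undetected in a release build. Whether the helper writes `*matches` on failure is not visible here; if it does not, `if (matches)` reads an indeterminate value and a forced-valid entry may be removed or kept arbitrarily. I would write `bool matches = false;` and skip the entry when the call fails rather than rely on the debug-only assertion. The new `else` branch would also benefit from a comment such as `// Null aContext means all contexts: drop every forced-valid entry.`, assuming that is the intended meaning. DoomStorageEntries starts and ends outside this hunk.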