From cca738e986de696cbd414a9d35209d6aa166ae5e Mon Sep 17 00:00:00 2001
From: Moonchild <moonchild@palemoon.org>
Date: Wed, 3 Feb 2021 11:10:44 +0000
Subject: Issue #1515 - Add null check to nsCSSFrameConstructor::IsValidSibling

With the changes to layout for WebComponents, it is now apparently possible to
pass in null for frame tree items to this function, which would cause a null
deref crash if not checked.
---
 layout/base/nsCSSFrameConstructor.cpp | 5 +++++
 1 file changed, 5 insertions(+)

(limited to 'layout')

diff --git a/layout/base/nsCSSFrameConstructor.cpp b/layout/base/nsCSSFrameConstructor.cpp
index 2cc5ec818..b40e6f8b6 100644
--- a/layout/base/nsCSSFrameConstructor.cpp
+++ b/layout/base/nsCSSFrameConstructor.cpp
@@ -6464,6 +6464,11 @@ nsCSSFrameConstructor::IsValidSibling(nsIFrame*              aSibling,
                                       nsIContent*            aContent,
                                       StyleDisplay&          aDisplay)
 {
+  if (!aSibling || !aContent) {
+    // If either of these are null, no sane comparison can be made.
+    return false;
+  }
+  
   nsIFrame* parentFrame = aSibling->GetParent();
   nsIAtom* parentType = parentFrame->GetType();
 
-- 
cgit v1.2.3