From 7d9e2a108478d1fc79aa25b2ac56b62249e31dc5 Mon Sep 17 00:00:00 2001
From: "Matt A. Tobin"
Date: Sat, 2 Jun 2018 09:44:18 -0400
Subject: Add a check to prevent a crash when CSP directives are used with chrome content
Chrome content uses System Principle and this kind of speculative preloading of CSP just won't work.
---
 parser/html/nsHtml5TreeOpExecutor.cpp | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/parser/html/nsHtml5TreeOpExecutor.cpp b/parser/html/nsHtml5TreeOpExecutor.cpp
index b0eabb13d..468449698 100644
--- a/parser/html/nsHtml5TreeOpExecutor.cpp
+++ b/parser/html/nsHtml5TreeOpExecutor.cpp
@@ -1041,12 +1041,17 @@ nsHtml5TreeOpExecutor::AddSpeculationCSP(const nsAString& aCSP)
 NS_ASSERTION(NS_IsMainThread(), "Wrong thread!");
- nsIPrincipal* principal = mDocument->NodePrincipal();
+ nsCOMPtr principal = mDocument->NodePrincipal();
 nsCOMPtr preloadCsp;
 nsCOMPtr domDoc = do_QueryInterface(mDocument);
 nsresult rv = principal->EnsurePreloadCSP(domDoc, getter_AddRefs(preloadCsp));
 NS_ENSURE_SUCCESS_VOID(rv);
+ if (!preloadCsp) {
+ // XXX: System principals can't preload CSP. We're done here.
+ return;
+ }
+
 // please note that meta CSPs and CSPs delivered through a header need
 // to be joined together.
 rv = preloadCsp->AppendPolicy(aCSP,
--
cgit v1.2.3
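Review bot: The early return at `if (!preloadCsp)` fires for any principal whose EnsurePreloadCSP() succeeds without producing a CSP object, not only the system principal the comment names, so any non-system document that reached this path would have its speculative CSP dropped silently while the comment claims otherwise; the comment should state the actual condition instead of asserting the cause. Suggested replacement: `// EnsurePreloadCSP() can succeed without yielding a preload CSP (the system principal is the known case); there is nothing to attach the policy to, so skip speculation.` If the principal interface exposes an is-system-principal query, asserting it inside the branch would make that assumption checkable in debug builds without changing release behaviour. The three nsCOMPtr declarations appear with their template arguments missing, presumably lost in rendering rather than in the patch itself. AddSpeculationCSP's body continues past the hunk (the AppendPolicy call is cut mid-statement).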