From b378ddaace9e745e9b4a856eb06679e5e8fa07f5 Mon Sep 17 00:00:00 2001
From: Bas Schouten <bschouten@mozilla.com>
Date: Tue, 5 May 2020 23:22:19 +0000
Subject: Prevent the existance of dangling pointers upon failure of
 FindDataStart.

---
 modules/libjar/nsZipArchive.cpp | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

(limited to 'modules')

diff --git a/modules/libjar/nsZipArchive.cpp b/modules/libjar/nsZipArchive.cpp
index 841503ebf..2f12af5f0 100644
--- a/modules/libjar/nsZipArchive.cpp
+++ b/modules/libjar/nsZipArchive.cpp
@@ -217,16 +217,17 @@ nsresult nsZipHandle::Init(nsIFile *file, nsZipHandle **ret,
 #else
   handle->mNSPRFileDesc = fd.forget();
 #endif
-  handle->mMap = map;
   handle->mFile.Init(file);
   handle->mTotalLen = (uint32_t) size;
   handle->mFileStart = buf;
   rv = handle->findDataStart();
   if (NS_FAILED(rv)) {
     PR_MemUnmap(buf, (uint32_t) size);
+    handle->mFileStart = nullptr;
     PR_CloseFileMap(map);
     return rv;
   }
+  handle->mMap = map;
   handle.forget(ret);
   return NS_OK;
 }
-- 
cgit v1.2.3