authorgspencer@google.com <gspencer@google.com@0039d316-1c4b-4281-b951-d872f2087c98>2011-05-10 17:52:11 +0000
committergspencer@google.com <gspencer@google.com@0039d316-1c4b-4281-b951-d872f2087c98>2011-05-10 17:52:11 +0000
commit37257c2614e998967a6a6ac79b6be919d3cb1adb (patch)
tree7bf8434c5a2fc56ce1d3937b9df5a21f3352b7ef /webkit/glue
parenta44b1610d2f205fbda5c76ea10b9b4d8cba4683d (diff)
Merge 84706 - This fixes a NULL dereference when reading malformed history items.
Approved for merge by zelidrag BUG=chromium-os:14992 TEST=Artificially caused failure in reading history item and observed no crash. Review URL: http://codereview.chromium.org/6969004 TBR=gspencer@google.com Review URL: http://codereview.chromium.org/7004001 git-svn-id: svn://svn.chromium.org/chrome/branches/742/src@84807 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'webkit/glue')
-rw-r--r--webkit/glue/glue_serialize.cc6
1 files changed, 3 insertions, 3 deletions
diff --git a/webkit/glue/glue_serialize.cc b/webkit/glue/glue_serialize.cc
index df055fe..54ba743 100644
--- a/webkit/glue/glue_serialize.cc
+++ b/webkit/glue/glue_serialize.cc
@@ -1,4 +1,4 @@
-// Copyright (c) 2010 The Chromium Authors. All rights reserved.
+// Copyright (c) 2011 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
@@ -112,10 +112,10 @@ inline void WriteReal(double data, SerializeObject* obj) {
}
inline double ReadReal(const SerializeObject* obj) {
- const void* tmp;
+ const void* tmp = NULL;
int length = 0;
ReadData(obj, &tmp, &length);
- if (length > 0 && length >= static_cast<int>(sizeof(0.0)))
+ if (tmp && length > 0 && length >= static_cast<int>(sizeof(0.0)))
return *static_cast<const double*>(tmp);
else
return 0.0;
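Review bot: The surviving `return *static_cast<const double*>(tmp);` on L38 still performs an 8-byte load through a `const void*` that `ReadData` hands back from the serialized buffer, and nothing in this hunk shows that pointer is 8-byte aligned; for a payload that comes from a possibly malformed history item that is undefined behaviour and a potential alignment fault on strict-alignment targets, so the NULL check alone does not make the read safe. Copy the bytes out instead: `double value; memcpy(&value, tmp, sizeof(value)); return value;` (this also keeps the existing `length >= static_cast<int>(sizeof(0.0))` bound as the only size guard, since `length > 0` is subsumed by it). If `ReadData` does guarantee alignment that should be stated in a comment above the cast, e.g. `// ReadData returns 8-byte-aligned storage, so the direct load is safe.` ReadReal's closing brace lies just past the end of this hunk.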