From c77acea1923e7a60f4f65233f269abe2c86f68f3 Mon Sep 17 00:00:00 2001
From: "gspencer@google.com"
Date: Mon, 9 May 2011 23:01:25 +0000
Subject: This fixes a NULL dereference when reading malformed history items.
BUG=chromium-os:14992
TEST=Artificially caused failure in reading history item and observed no crash.
Review URL: http://codereview.chromium.org/6969004
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@84706 0039d316-1c4b-4281-b951-d872f2087c98
---
 webkit/glue/glue_serialize.cc | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
(limited to 'webkit/glue')
diff --git a/webkit/glue/glue_serialize.cc b/webkit/glue/glue_serialize.cc
index df055fe..54ba743 100644
--- a/webkit/glue/glue_serialize.cc
+++ b/webkit/glue/glue_serialize.cc
@@ -1,4 +1,4 @@
-// Copyright (c) 2010 The Chromium Authors. All rights reserved.
+// Copyright (c) 2011 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.

@@ -112,10 +112,10 @@ inline void WriteReal(double data, SerializeObject* obj) {
 }

 inline double ReadReal(const SerializeObject* obj) {
- const void* tmp;
+ const void* tmp = NULL;
 int length = 0;
 ReadData(obj, &tmp, &length);
- if (length > 0 && length >= static_cast(sizeof(0.0)))
+ if (tmp && length > 0 && length >= static_cast(sizeof(0.0)))
 return *static_cast(tmp);
 else
 return 0.0;
-- 
cgit v1.1
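Review bot: The dereference `return *static_cast<const double*>(tmp);` in the ReadReal hunk reads a double directly out of the serialized buffer, so the new `tmp &&` guard closes the null case but not a misaligned or strict-aliasing read on a malformed or oddly-packed item; whether ReadData hands back an 8-byte-aligned pointer is not visible here and is worth confirming. The portable form copies the bytes out instead: `double result = 0.0;` / `if (tmp && length >= static_cast<int>(sizeof result)) memcpy(&result, tmp, sizeof result);` / `return result;`, which also drops the `length > 0` test that is already implied by `length >= sizeof(0.0)` (memcpy needs <cstring>, which the hunk does not show as included). The template arguments of both static_cast calls appear stripped in this rendering of the patch, presumably an extraction artifact rather than the committed code. ReadReal's closing brace is outside the hunk.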