This is coverity CID 180. Please see the sample URL. Either the |aLine->mFirstChild| null check at line 4877 is unnecessary, or else a null value can be dereferenced at lines 4887 and 4891 (within the call to |HandleOverflowPlaceholdersForPulledFrame|).

Taking over.

Add the null check to the for loop in <http://bonsai.mozilla.org/cvsblame.cgi?file=mozilla/layout/generic/nsBlockFrame.cpp&rev=3.842&mark=4178#4178>.

Comment on attachment 273014 [details] [diff] [review] Add the null check Sorry, I should have bounced this review request to roc when it came in. But I think the patch is wrong: aLine->GetChildCount() means it has that many children, so a null-check shouldn't be needed. I think we probably also have the invariant that lines shouldn't be empty, but there might be times in the middle of reflow when that's not true. So I suspect the initial null-check is bogus. But even if it's not, the initial null-check could presumably also be an aLine->GetChildCount() > 0 check, so I don't think there's an inherent inconsistency here.

I agree with (In reply to comment #3) > But I think the patch is wrong: aLine->GetChildCount() means it has that many > children, so a null-check shouldn't be needed. I agree.

Comment on attachment 273014 [details] [diff] [review] Add the null check Marking the patch obsolete based on comment 3 and comment 4.

It seems that the presumed null dereference never happens, so I'm marking this as INVALID.

Needs verification...