Closed Bug 98792 Opened 23 years ago Closed 23 years ago

misuse of nsIAppShellService::UnregisterTopLevelWindow [@ nsAppShellService::UnregisterTopLevelWindow]

Categories

(Core Graveyard :: Cmd-line Features, defect)

Product:
Core Graveyard
Component:
Cmd-line Features
Platform:
x86
All
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED FIXED
Milestone:
mozilla0.9.5

People

(Reporter: danm.moz, Assigned: danm.moz)

Details

(Keywords: crash, topcrash)

Crash Data

Attachments

(2 files)

fix null parameters to UnregisterTopLevelWindow
3.29 KB, patch
Details | Diff | Splinter Review
better fix for callers sending us a null parameter
3.12 KB, patch
ccarlen
: review+
alecf
: superreview+
Details | Diff | Splinter Review 
I managed to insert a crasher bug by writing code that assumed I was being
handed an actual window in nsAppShellService::UnregisterTopLevelWindow. It turns
out there are two places in Mozilla code that are using the function for its
side effect of quitting the app. This happened to work because I was foolish
enough to to put a null check on Unregister...'s parameter.
Status: NEW → ASSIGNED
Target Milestone: --- → mozilla0.9.5
Dan, take a look at the code here:
http://lxr.mozilla.org/mozilla/source/xpfe/bootstrap/nsNativeAppSupportWin.cpp#765
Looks like it uses GetMostRecentWindow() and if null, enables the menu so it can
send a -kill command to itself. So, if -kill was invoked that way, we know the
last window is closed. I guess the other possibility is somebody typing "mozilla
-kill" on the command line. Just to keep things consistent, shouldn't we use
GetMostRecentWindow() in the same way was the other place?
right you are. simpler patch attached below.
Comment on attachment 48647 [details] [diff] [review]
better fix for callers sending us a null parameter

r=ccarlen
Attachment #48647 - Flags: review+
Exiting from the turbo systray icon is broken because of the original change; I
had a patch in 88844 but I see it's being handled here.  As Conrad said, the
menuitem will be disabled if there aren't any open windows, so I take it the
added check is just for people calling -kill.  Not sure who'd ever do that, but
it can't hurt, so sr=blake. I'll be sad to see
SOMEBODY_SET_UP_US_THE_NULL_POINTER go.

FYI: the uninstaller and the installer uses the -kill feature.
Comment on attachment 48647 [details] [diff] [review]
better fix for callers sending us a null parameter

sr=alecf
Attachment #48647 - Flags: superreview+
QA Contact: sairuh → jrgm
Patch is in. (oops! I forgot to blame Blake, too, in the review notes.) I already 
miss SOMEBODY_SET_UP_US_THE_NULL_POINTER.
Status: ASSIGNED → RESOLVED
Closed: 23 years ago
Resolution: --- → FIXED
Sorry for the spam guys: just adding keywords and summary changes so that 
talkback can show this one fixed.
Keywords: crash, topcrash
Summary: misuse of nsIAppShellService::UnregisterTopLevelWindow → misuse of nsIAppShellService::UnregisterTopLevelWindow [@ nsAppShellService::UnregisterTopLevelWindow]
Product: Core → Core Graveyard
QA Contact: jrgmorrison → cmd-line
Crash Signature: [@ nsAppShellService::UnregisterTopLevelWindow]
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: