Closed
Bug 129628
Opened 22 years ago
Closed 22 years ago
Crash in nsFrameManager::Destroy
Categories
(Core :: Layout, defect, P1)
Tracking
()
VERIFIED
FIXED
mozilla1.0
People
(Reporter: aaronlev, Assigned: aaronlev)
Details
(Keywords: access, crash, topembed+)
Attachments
(1 file, 1 obsolete file)
1.54 KB,
patch
|
aaronlev
:
review+
shaver
:
superreview+
asa
:
approval+
|
Details | Diff | Splinter Review |
Sometimes GetPrimaryFrameFor to be called during the destruction phase of the frame manager. This causes it to return an invalid pointer to a frame. GetPrimaryFrameFor needs to check a flag, and return early if the frame manager is in the middle of it's destruction phase. This is the Bugzilla equivalent of Bugscape 12117 (http://bugscape/show_bug.cgi?id=12117), that had been reported by AOL's accessibility testers.
Assignee | ||
Updated•22 years ago
|
Assignee | ||
Comment 1•22 years ago
|
||
Rather than reorder the destruction, this plays it safe and uses a flag mIsDestroyingFrames. The flag is checked at the start of GetPrimaryFrameFor
Comment on attachment 73142 [details] [diff] [review] Checks flag to see if destruction phase make cause GPFF to return invalid pointer The following is unnecessary: -FrameManager::FrameManager() +FrameManager::FrameManager() : mIsDestroyingFrames(PR_FALSE) since FrameManager uses ZEROING_OPERATOR_NEW, but other than that, r=dbaron.
Attachment #73142 -
Flags: review+
Comment 3•22 years ago
|
||
PropertyList* mPropertyList; nsCOMPtr<nsIContentList> mHTMLForms; nsCOMPtr<nsIContentList> mHTMLFormControls; + PRBool mIsDestroyingFrames; Indentation so the new member name starts in the same column as the existing ones doesn't hurt. /be
Assignee | ||
Comment 4•22 years ago
|
||
This should still have dbaron's r= on it.
Attachment #73142 -
Attachment is obsolete: true
Assignee | ||
Comment 5•22 years ago
|
||
Comment on attachment 73224 [details] [diff] [review] Contains dbaron's and brendan's tweaks Carrying over r= from dbaron
Attachment #73224 -
Flags: review+
Updated•22 years ago
|
Comment on attachment 73224 [details] [diff] [review] Contains dbaron's and brendan's tweaks sr=shaver.
Attachment #73224 -
Flags: superreview+
Comment 7•22 years ago
|
||
Comment on attachment 73224 [details] [diff] [review] Contains dbaron's and brendan's tweaks a=asa (on behalf of drivers) for checkin to the 1.0 trunk
Attachment #73224 -
Flags: approval+
Assignee | ||
Comment 9•22 years ago
|
||
QA should probaly be dsirnapalli since he was the one who originally repro'd this bug for me.
Assignee | ||
Comment 10•22 years ago
|
||
fix checked in
Assignee | ||
Comment 11•22 years ago
|
||
David Baron wrote (via email): "This seems a little risky to me for the branch at this point. I can imagine things that it could break (they're the type of things (web page X crashes) that I would think would be caught after a week of being shaken out on the trunk, especially if you put that printf / assertion in)."
Updated•22 years ago
|
QA Contact: amar → dsirnapalli
Assignee | ||
Comment 12•22 years ago
|
||
fix checked into trunk, not into branch
Status: ASSIGNED → RESOLVED
Closed: 22 years ago
Resolution: --- → FIXED
Assignee | ||
Comment 13•22 years ago
|
||
Spoke with dbaron on IRC. He says it should be okay to check this fix into 0.9.9 now.
Comment 14•22 years ago
|
||
-- Verified the fix on MfcEmbed of trunk build. Works fine. Verified it on MfcEmbed nightly_build also. Works fine. Marking the bug as verified.
Status: RESOLVED → VERIFIED
Assignee | ||
Comment 15•22 years ago
|
||
John, can you check this one into the trunk for me?
Comment 16•22 years ago
|
||
I didn't have a 0.9.9 branch, pulled and am building as I write. I will apply the patch and check it in asap.
Whiteboard: patch ready, seeking r= → in the trunk, preping to go in 0.9.9 branch
Comment 17•22 years ago
|
||
checked in to 0.9.9 branch I'll let edt remove the edt0.9.9+
Keywords: fixed0.9.9
Whiteboard: in the trunk, preping to go in 0.9.9 branch
Comment 18•22 years ago
|
||
actually, "edt0.9.9+" stays. thanks for the checkin!
Comment 19•22 years ago
|
||
-- Verified the fix in latest 0.9.9ec (03/27/02). Works fine.
Comment 20•5 years ago
|
||
Keywords: sec508
You need to log in
before you can comment on or make changes to this bug.
Description
•