Closed Bug 180578 Opened 22 years ago Closed 22 years ago

nsImageBoxFrame::UpdateLoadFlags doesn't null check loader

Categories

(Core :: Layout: Images, Video, and HTML Frames, defect)

x86
Windows 2000
defect
Not set
normal

Tracking

()

RESOLVED FIXED

People

(Reporter: timeless, Assigned: pavlov)

Details

(Keywords: crash)

Attachments

(1 file, 1 obsolete file)

###!!! ASSERTION: You can't dereference a NULL nsCOMPtr with operator->().

NTDLL! 77f9f9df()
nsDebug::Assertion(const char * 0x02c80ab4 `string', const char * 0x02c80af8
`string', const char * 0x02c8145c `string', int 650) line 280 + 13 bytes
nsDebug::PreCondition(const char * 0x02c80ab4 `string', const char * 0x02c80af8
`string', const char * 0x02c8145c `string', int 650) line 439 + 21 bytes
nsCOMPtr<imgILoader>::operator->() line 650 + 34 bytes
nsImageBoxFrame::UpdateImage(nsIPresContext * 0x01224028, int & 0) line 470 + 91
bytes
nsImageBoxFrame::Init(nsImageBoxFrame * const 0x03a17070, nsIPresContext *
0x01224028, nsIContent * 0x03a16bb0, nsIFrame * 0x039cc978, nsIStyleContext *
0x039cca6c, nsIFrame * 0x00000000) line 350
nsCSSFrameConstructor::InitAndRestoreFrame(nsIPresContext * 0x01224028,
nsFrameConstructorState & {...}, nsIContent * 0x03a16bb0, nsIFrame * 0x039cc978,
nsIStyleContext * 0x039cca6c, nsIFrame * 0x00000000, nsIFrame * 0x03a17070) line
6804 + 32 bytes
nsCSSFrameConstructor::ConstructXULFrame(nsIPresShell * 0x01290640,
nsIPresContext * 0x01224028, nsFrameConstructorState & {...}, nsIContent *
0x03a16bb0, nsIFrame * 0x039cc978, nsIAtom * 0x0111c398, int 8, nsIStyleContext
* 0x039cca6c, nsFrameItems & {...}, int 0, int & 0) line 5850
nsCSSFrameConstructor::ConstructFrameInternal(nsIPresShell * 0x01290640,
nsIPresContext * 0x01224028, nsFrameConstructorState & {...}, nsIContent *
0x03a16bb0, nsIFrame * 0x039cc978, nsIAtom * 0x0111c398, int 8, nsIStyleContext
* 0x039cca6c, nsFrameItems & {...}, int 0) line 7422 + 57 bytes
nsCSSFrameConstructor::ConstructFrame(nsIPresShell * 0x01290640, nsIPresContext
* 0x01224028, nsFrameConstructorState & {...}, nsIContent * 0x03a16bb0, nsIFrame
* 0x039cc978, nsFrameItems & {...}) line 7306 + 56 bytes
nsCSSFrameConstructor::ProcessChildren(nsIPresShell * 0x01290640, nsIPresContext
* 0x01224028, nsFrameConstructorState & {...}, nsIContent * 0x030ce048, nsIFrame
* 0x039cc978, int 0, nsFrameItems & {...}, int 0, nsTableCreator * 0x00000000)
line 12195 + 66 bytes
nsCSSFrameConstructor::ConstructXULFrame(nsIPresShell * 0x01290640,
nsIPresContext * 0x01224028, nsFrameConstructorState & {...}, nsIContent *
0x030ce048, nsIFrame * 0x039cc09c, nsIAtom * 0x01089b40, int 8, nsIStyleContext
* 0x039cc7bc, nsFrameItems & {...}, int 1, int & 0) line 5871 + 47 bytes
nsCSSFrameConstructor::ConstructFrameInternal(nsIPresShell * 0x01290640,
nsIPresContext * 0x01224028, nsFrameConstructorState & {...}, nsIContent *
0x030ce048, nsIFrame * 0x039cc09c, nsIAtom * 0x01089b40, int 8, nsIStyleContext
* 0x039cc7bc, nsFrameItems & {...}, int 1) line 7422 + 57 bytes
nsCSSFrameConstructor::ConstructFrameInternal(nsIPresShell * 0x01290640,
nsIPresContext * 0x01224028, nsFrameConstructorState & {...}, nsIContent *
0x030ce048, nsIFrame * 0x039cc09c, nsIAtom * 0x011f4420, int 8, nsIStyleContext
* 0x039cc7bc, nsFrameItems & {...}, int 0) line 7374 + 56 bytes
nsCSSFrameConstructor::ConstructFrame(nsIPresShell * 0x01290640, nsIPresContext
* 0x01224028, nsFrameConstructorState & {...}, nsIContent * 0x030ce048, nsIFrame
* 0x039cc09c, nsFrameItems & {...}) line 7306 + 56 bytes
nsCSSFrameConstructor::ProcessChildren(nsIPresShell * 0x01290640, nsIPresContext
* 0x01224028, nsFrameConstructorState & {...}, nsIContent * 0x030d2798, nsIFrame
* 0x039cc09c, int 0, nsFrameItems & {...}, int 0, nsTableCreator * 0x00000000)
line 12195 + 66 bytes
nsCSSFrameConstructor::ConstructXULFrame(nsIPresShell * 0x01290640,
nsIPresContext * 0x01224028, nsFrameConstructorState & {...}, nsIContent *
0x030d2798, nsIFrame * 0x03313c0c, nsIAtom * 0x011f3d78, int 8, nsIStyleContext
* 0x039cbe58, nsFrameItems & {...}, int 0, int & 0) line 5871 + 47 bytes
nsCSSFrameConstructor::ConstructFrameInternal(nsIPresShell * 0x01290640,
nsIPresContext * 0x01224028, nsFrameConstructorState & {...}, nsIContent *
0x030d2798, nsIFrame * 0x03313c0c, nsIAtom * 0x011f3d78, int 8, nsIStyleContext
* 0x039cbe58, nsFrameItems & {...}, int 0) line 7422 + 57 bytes
nsCSSFrameConstructor::ConstructFrame(nsIPresShell * 0x01290640, nsIPresContext
* 0x01224028, nsFrameConstructorState & {...}, nsIContent * 0x030d2798, nsIFrame
* 0x03313c0c, nsFrameItems & {...}) line 7306 + 56 bytes
nsCSSFrameConstructor::ContentInserted(nsCSSFrameConstructor * const 0x012904e8,
nsIPresContext * 0x01224028, nsIContent * 0x01194ce8, nsIContent * 0x030d2798,
int 31, nsILayoutHistoryState * 0x00000000, int 0) line 9213
StyleSetImpl::ContentInserted(StyleSetImpl * const 0x0129b150, nsIPresContext *
0x01224028, nsIContent * 0x01194ce8, nsIContent * 0x030d2798, int 31) line 1531
PresShell::ContentInserted(PresShell * const 0x01290648, nsIDocument *
0x01067cf0, nsIContent * 0x01194ce8, nsIContent * 0x030d2798, int 31) line 5290
+ 53 bytes
nsXBLBindingRequest::DocumentLoaded(nsIDocument * 0x03990910) line 181
nsXBLStreamListener::Load(nsXBLStreamListener * const 0x03434534, nsIDOMEvent *
0x01bc3600) line 442
nsEventListenerManager::HandleEvent(nsEventListenerManager * const 0x034345c8,
nsIPresContext * 0x00000000, nsEvent * 0x0012f850, nsIDOMEvent * * 0x0012f800,
nsIDOMEventTarget * 0x03990944, unsigned int 7, nsEventStatus * 0x0012f878) line
1860 + 41 bytes
nsDocument::HandleDOMEvent(nsDocument * const 0x03990910, nsIPresContext *
0x00000000, nsEvent * 0x0012f850, nsIDOMEvent * * 0x0012f800, unsigned int 7,
nsEventStatus * 0x0012f878) line 3509
nsXMLDocument::EndLoad(nsXMLDocument * const 0x03990910) line 559
nsXMLContentSink::DidBuildModel(nsXMLContentSink * const 0x03432780, int 0) line 434
nsExpatDriver::DidBuildModel(nsExpatDriver * const 0x0342e5f0, unsigned int 0,
int 1, nsIParser * 0x034330d0, nsIContentSink * 0x03432780) line 972 + 23 bytes
nsParser::DidBuildModel(unsigned int 0) line 1262 + 41 bytes
nsParser::ResumeParse(int 1, int 1, int 1) line 1811
nsParser::OnStopRequest(nsParser * const 0x034330d4, nsIRequest * 0x034326a8,
nsISupports * 0x00000000, unsigned int 0) line 2432 + 21 bytes
nsXBLStreamListener::OnStopRequest(nsXBLStreamListener * const 0x03434530,
nsIRequest * 0x034326a8, nsISupports * 0x00000000, unsigned int 0) line 326 + 38
bytes
nsJARChannel::OnStopRequest(nsJARChannel * const 0x034326ac, nsIRequest *
0x03434e1c, nsISupports * 0x00000000, unsigned int 0) line 606 + 49 bytes
nsOnStopRequestEvent::HandleEvent() line 213
nsARequestObserverEvent::HandlePLEvent(PLEvent * 0x031e81a4) line 116
PL_HandleEvent(PLEvent * 0x031e81a4) line 644 + 10 bytes
PL_ProcessPendingEvents(PLEventQueue * 0x00fc5638) line 574 + 9 bytes
_md_EventReceiverProc(HWND__ * 0x000304ca, unsigned int 49311, unsigned int 0,
long 16537144) line 1335 + 9 bytes
USER32! 77e13eb0()
USER32! 77e1401a()
USER32! 77e13f0f()
nsAppShellService::Run(nsAppShellService * const 0x010910f8) line 472
main1(int 1, char * * 0x00284570, nsISupports * 0x00276f08) line 1541 + 32 bytes
main(int 1, char * * 0x00284570) line 1902 + 37 bytes
mainCRTStartup() line 338 + 17 bytes
KERNEL32! 77e87903()

-	il	{...}
+	mRawPtr	0x00000000

  il->LoadImage(srcURI, nsnull, documentURI, loadGroup, mListener, aPresContext,
mLoadFlags, nsnull, nsnull, getter_AddRefs(mImageRequest));
Attached patch: pass out the error (obsolete)
Nice attempt, but that function returns void :)

Just delete the " rv" part from the return statement, and it works.
Keywords: crash
Attached patch: compiling patch
Attachment #106581 - Attachment is obsolete: true
Attachment #106814 - Flags: superreview?(bzbarsky)
Attachment #106814 - Flags: review?(cbiesinger)
Attachment #106814 - Flags: superreview?(bzbarsky) → superreview+
Attachment #106814 - Flags: review?(cbiesinger) → review+
checked in
Status: NEW → RESOLVED
Closed: 22 years ago
Resolution: --- → FIXED
Product: Core → Core Graveyard
Product: Core Graveyard → Core