Closed
Bug 1016415
Opened 11 years ago
Closed 11 years ago
Potential for crash with an empty <menugroup>
Categories
(Firefox :: Menus, defect)
Firefox
Menus
Tracking
()
VERIFIED
FIXED
Firefox 32
People
(Reporter: jaws, Assigned: jaws)
References
Details
(Whiteboard: p=1 s=it-32c-31a-30b.3 [qa-])
Attachments
(1 file)
|
5.13 KB,
patch
|
enndeakin
:
review+
|
Details | Diff | Splinter Review |
See https://hg.mozilla.org/integration/fx-team/rev/df4be0b6c018#l4.13
If the <menugroup> is empty, then the first child will be null, and line 4.16 will dereference it.
|
Assignee | |
Updated•11 years ago
|
Assignee: nobody → jaws
Status: NEW → ASSIGNED
|
|
Assignee | |
Updated•11 years ago
|
Whiteboard: p=1
|
||
Updated•11 years ago
|
Whiteboard: p=1 → p=1 s=it-32c-31a-30b.3 [qa?]
|
|
Assignee | |
Updated•11 years ago
|
Whiteboard: p=1 s=it-32c-31a-30b.3 [qa?] → p=1 s=it-32c-31a-30b.3 [qa-]
|
|
||
Updated•11 years ago
|
Flags: firefox-backlog+
|
|
Assignee | |
Comment 1•11 years ago
|
||
I verified that the test causes a crash without the patch applied.
Attachment #8429468 -
Flags: review?(enndeakin)
|
||
Comment 2•11 years ago
|
||
Comment on attachment 8429468 [details] [diff] [review]
Patch and test
> for (nsCOMPtr<nsIContent> grandChild = aPopup->GetFirstChild();
> grandChild;
> grandChild = grandChild->GetNextSibling()) {
> if (grandChild->IsXUL(nsGkAtoms::menugroup)) {
>+ if (grandChild->GetChildCount() == 0) {
>+ continue;
>+ }
> grandChild = grandChild->GetFirstChild();
It would be simpler to just use:
if (!grandChild)
continue;
Attachment #8429468 -
Flags: review?(enndeakin) → review+
|
|
Assignee | |
Comment 3•11 years ago
|
||
We can't use `if (!grandChild) continue;` because at that point we wouldn't be able to do `grandChild = grandChild->GetNextSibling()` at the beginning of the next iteration of the loop.
Keywords: checkin-needed
|
|
||
Comment 4•11 years ago
|
||
True. I misread that, so ignore my comment.
|
||
Comment 5•11 years ago
|
||
Do you have a link to a recent Try run by chance? :)
Keywords: checkin-needed
|
|
Assignee | |
Comment 6•11 years ago
|
||
|
|
Assignee | |
Updated•11 years ago
|
Keywords: checkin-needed
|
|
||
Comment 7•11 years ago
|
||
Flags: in-testsuite+
Keywords: checkin-needed
Whiteboard: p=1 s=it-32c-31a-30b.3 [qa-] → p=1 s=it-32c-31a-30b.3 [qa-][fixed-in-fx-team]
Status: ASSIGNED → RESOLVED
Closed: 11 years ago
Resolution: --- → FIXED
Whiteboard: p=1 s=it-32c-31a-30b.3 [qa-][fixed-in-fx-team] → p=1 s=it-32c-31a-30b.3 [qa-]
Target Milestone: --- → Firefox 32
|
|
||
Updated•11 years ago
|
Status: RESOLVED → VERIFIED
You need to log in
before you can comment on or make changes to this bug.
Description
•