Closed
Bug 1089049
Opened 10 years ago
Closed 10 years ago
crash in nsContentUtils::CanCallerAccess(nsINode*), Browser crashes if contextNode is null of document.evaluate
Categories
(Core :: DOM: Core & HTML, defect)
Tracking
()
RESOLVED
FIXED
mozilla36
People
(Reporter: alice0775, Assigned: peterv)
References
Details
(Keywords: crash, regression)
Crash Data
Attachments
(2 files, 1 obsolete file)
2.01 KB,
application/x-xpinstall
|
Details | |
5.85 KB,
patch
|
bzbarsky
:
review+
|
Details | Diff | Splinter Review |
[Tracking Requested - why for this release]: This bug was filed from the Socorro interface and is report bp-4c7e0812-cd77-4e62-8d30-c98132141025. ============================================================= Steps To Reproduce: 1. Install certain add-ons 2. open about:addons Regression window(m-i) Good: https://hg.mozilla.org/integration/mozilla-inbound/rev/90cd5968c9ce Mozilla/5.0 (Windows NT 6.1; WOW64; rv:36.0) Gecko/20100101 Firefox/36.0 ID:20141024030110 Bad: https://hg.mozilla.org/integration/mozilla-inbound/rev/c1ab3cd59563 Mozilla/5.0 (Windows NT 6.1; WOW64; rv:36.0) Gecko/20100101 Firefox/36.0 ID:20141024032212 Pushlog: https://hg.mozilla.org/integration/mozilla-inbound/pushloghtml?fromchange=90cd5968c9ce&tochange=c1ab3cd59563
Reporter | ||
Comment 1•10 years ago
|
||
Steps To Reproduce: 1. Install certain add-ons and restart 2. Click [OK][Next][Next][Next][Finish] if dialog pops up 2. Alt > Tools > Options
Reporter | ||
Updated•10 years ago
|
OS: Windows NT → Windows 7
Reporter | ||
Comment 2•10 years ago
|
||
Steps To Reproduce: 1. Install the attached reduced xpi and restart 2. Open about:addons
Reporter | ||
Comment 3•10 years ago
|
||
Ah, just run the following code //------------------ var node =null; var xpathResult = document.evaluate( 'ancestor-or-self::*[local-name()="textbox"]', node, null, XPathResult.FIRST_ORDERED_NODE_TYPE, null ); //------------------ After landing Bug 1018658 : browser crashes Before landing Bug 1018658 : throw an error
Reporter | ||
Updated•10 years ago
|
Summary: crash in nsContentUtils::CanCallerAccess(nsINode*) → crash in nsContentUtils::CanCallerAccess(nsINode*), Browser crashes if contextNode is null of document.evaluate
Reporter | ||
Updated•10 years ago
|
Attachment #8511466 -
Attachment is obsolete: true
Assignee | ||
Updated•10 years ago
|
Assignee: nobody → peterv
Status: NEW → ASSIGNED
Assignee | ||
Comment 4•10 years ago
|
||
Bug 1018658 made us not call the XPCOM version of XPathEvaluator from the WebIDL one, instead we go through XPathExpression's evaluate. But the WebIDL for XPathExpression and XPathEvaluator differ in their evaluate, one takes a Node and the other a Node?. They should just consistently take a Node. The dereferencing of the context node should have tipped me off, but it didn't :-/.
Attachment #8511902 -
Flags: review?(bzbarsky)
Comment 5•10 years ago
|
||
Comment on attachment 8511902 [details] [diff] [review] v1 r=me
Attachment #8511902 -
Flags: review?(bzbarsky) → review+
Assignee | ||
Comment 6•10 years ago
|
||
https://hg.mozilla.org/integration/mozilla-inbound/rev/f24cc6f4a15e
https://hg.mozilla.org/mozilla-central/rev/f24cc6f4a15e
Status: ASSIGNED → RESOLVED
Closed: 10 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla36
Updated•10 years ago
|
Updated•9 years ago
|
Updated•9 years ago
|
QA Whiteboard: [good first verify]
Updated•5 years ago
|
Component: DOM → DOM: Core & HTML
You need to log in
before you can comment on or make changes to this bug.
Description
•