Closed
Bug 112494
Opened 24 years ago
Closed 24 years ago
crash in nsAccessibilityService::CreateIFrameAccessible
Categories
(Core :: DOM: Core & HTML, defect)
Tracking
()
RESOLVED
FIXED
People
(Reporter: rginda, Assigned: aaronlev)
Details
Attachments
(1 file, 1 obsolete file)
|
1.55 KB,
patch
|
mozilla
:
review+
|
Details | Diff | Splinter Review |
Another null pointer dereference in accessible code, triggered by opening the
window object in the venkman object inspector. See also bug 103903 and bug 110620.
I spoke with jgaunt about smoketesting future accessible changes with the
debugger, I'd really appreciate it if ya'll would do that. These types of
crashes reflect bad on the debugger, because it's typically the first thing new
users try. When it crashes on them this easily, they get turned off to the
debugger and go back to dump() statements, leaving me without a job.
The smoketest procedure is simple...
1. Start mozilla with -venkman.
2. Launch navigator from the venkman tasks menu.
3. Click the stop button (a red X) in the venkman toolbar.
4. Focus navigator, venkman should react by stopping execution.
5. Open the top stack frame and the "this" object, which should be of type Window.
6. If you don't crash, everything is OK, otherwise, something is wrong.
The deal here is that the accessibility getter in browser.xml is calling out to
CreateIFrameAccessible, which crashes. It is possible that the above test could
be reduced to a xul file which fetches |window.accessible|, though I havn't tested.
In general, any scriptable method, such as CreateIFrameAccessible, should to be
robust enough to deal with bad parameters without crashing. If the caller
passes null, or an unexpected object, the method should throw a meaningful
error, instead of assert and crash. Asserts are best left for conditions that
"can't" happen. When you're scriptable, anything can happen (as far as
parameters are concerned.)
|
Reporter | |
Comment 1•24 years ago
|
||
|
|
||
Comment 2•24 years ago
|
||
Comment on attachment 59593 [details] [diff] [review]
proposed patch
r=jgaunt
Attachment #59593 -
Flags: review+
|
|
||
Comment 3•24 years ago
|
||
adding brendan for sr=
This is horking the js debugger, trying to get quick turnaround.
|
||
Comment 4•24 years ago
|
||
Comment on attachment 59593 [details] [diff] [review]
proposed patch
Blech on NS_WARN_IF_FALSE, but I'll assent nonetheless: sr=shaver.
Long live venkman!
Attachment #59593 -
Flags: superreview+
|
|
Reporter | |
Updated•24 years ago
|
Attachment #59593 -
Attachment is obsolete: true
|
|
Reporter | |
Comment 5•24 years ago
|
||
Sorry, that last patch was stale when I posted it. This new one adds a null
pointer check for the argument too.
|
|
||
Comment 6•24 years ago
|
||
Comment on attachment 59626 [details] [diff] [review]
new proposed patch
r=jgaunt
still looks good to me
Attachment #59626 -
Flags: review+
|
|
Reporter | |
Comment 7•24 years ago
|
||
checked in.
Status: NEW → RESOLVED
Closed: 24 years ago
Resolution: --- → FIXED
|
||
Updated•7 years ago
|
Component: DOM → DOM: Core & HTML
You need to log in
before you can comment on or make changes to this bug.
Description
•