crash addreffing (nsIWidget *) 0xdbdbdbdb when mEvent->eventStructType == NS_EVENT [@nsDOMEvent::GetClientX]

VERIFIED FIXED in mozilla0.9.8

Status

Core
DOM: Events
--
critical
VERIFIED FIXED
17 years ago
17 years ago

People

(Reporter: timeless, Assigned: Joe Hewitt (gone))

Tracking

Trunk
mozilla0.9.8
x86
FreeBSD

Attachments

(1 attachment, 1 obsolete attachment)

(Reporter)

Description

17 years ago
#0  0x29119ca1 in nsDOMEvent::GetClientX (this=0x295db800, aClientX=0xbfbf7ce0) at /home/timeless/mozilla/content/events/src/nsDOMEvent.cpp:679
679       NS_ADDREF(parent);
(gdb) where
#0  0x29119ca1 in nsDOMEvent::GetClientX (this=0x295db800, aClientX=0xbfbf7ce0) at /home/timeless/mozilla/content/events/src/nsDOMEvent.cpp:679
#1  0x2828b590 in XPTC_InvokeByIndex (that=0x295db808, methodIndex=18, paramCount=1, params=0xbfbf7ce0)
    at /home/timeless/mozilla/xpcom/reflect/xptcall/src/md/unix/xptcinvoke_unixish_x86.cpp:153

(gdb) p parent
$1 = (nsIWidget *) 0xdbdbdbdb
(gdb) p mEvent->eventStructType
$6 = 1 '\001'

Full stack trace available. This was triggered with a custom dom event.

I have a simple fix: remove the highlighted line.
(Reporter)

Comment 1

17 years ago
w/ the obvious change, we die at the next logical point:
#0  0x2911a13d in nsDOMEvent::GetClientY (this=0x295db800, aClientY=0xbfbf7c64) at /home/timeless/mozilla/content/events/src/nsDOMEvent.cpp:732
732       NS_ADDREF(parent);
(gdb) p parent
$1 = (nsIWidget *) 0x8d
(gdb)  p mEvent->eventStructType
$2 = 1 '\001'
(Reporter)

Comment 2

17 years ago
Created attachment 61991
only check mouse events for coordinates
(Assignee)

Comment 3

17 years ago
You can't remove those lines; I added them a few weeks ago so that custom DOM
events, specifically the popup events, can have mouse coordinates.
(Assignee)

Updated

17 years ago
Status: NEW → ASSIGNED
Target Milestone: --- → mozilla0.9.8
(Assignee)

Comment 4

17 years ago
Created attachment 63872
this should work
Attachment #61991 - Attachment is obsolete: true
(Reporter)

Comment 5

17 years ago
Comment on attachment 63872
this should work

I don't understand it, but it works.
Attachment #63872 - Flags: review+
(Reporter)

Comment 6

17 years ago
alecf: would you sr=?
Keywords: mozilla0.9.8

Comment 7

17 years ago
Comment on attachment 63872
this should work

sr=alecf
Attachment #63872 - Flags: superreview+
(Assignee)

Comment 8

17 years ago
fixed
Status: ASSIGNED → RESOLVED
Last Resolved: 17 years ago
Resolution: --- → FIXED

Comment 9

17 years ago
Can one of the developers please verify?
(Assignee)

Comment 10

17 years ago
suuure, it's verified
Status: RESOLVED → VERIFIED
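
An added illustration of the defect class in this report, not code from Mozilla or from either attachment: an accessor that walks a widget chain has to confirm from the struct-type tag that the event actually carries a widget member before downcasting. The types, every tag value other than 1, and the offset arithmetic are simplified assumptions.

```cpp
// Added illustration: hypothetical stand-in types, not Mozilla's definitions.
#include <cstdint>

// Only the value 1 (plain event) comes from the gdb output; the rest are assumed.
enum StructType : uint8_t { kEvent = 1, kGuiEvent, kMouseEvent };

struct Widget {
    Widget* parent;
    int x;       // offset inside the parent widget
    int refs;
    void AddRef()  { ++refs; }
    void Release() { --refs; }
};

struct Event      { StructType eventStructType; int refPointX; };
struct GuiEvent   : Event    { Widget* widget; };  // widget exists only from here down
struct MouseEvent : GuiEvent { bool isShift; };

// Checked accessor: downcast only when the tag says the widget member exists.
bool GetClientX(const Event* ev, int* outX) {
    if (!ev || !outX) return false;
    if (ev->eventStructType != kGuiEvent && ev->eventStructType != kMouseEvent)
        return false;  // plain Event: reading ->widget would run past the object
    const GuiEvent* gui = static_cast<const GuiEvent*>(ev);
    int x = gui->refPointX;
    Widget* w = gui->widget;
    if (w) w->AddRef();
    while (w) {
        x += w->x;
        Widget* parent = w->parent;
        if (parent) parent->AddRef();  // the step that crashes on a junk pointer
        w->Release();
        w = parent;
    }
    *outX = x;
    return true;
}

int main() {
    Event plain;                       // constructed sample: custom event, tag 1
    plain.eventStructType = kEvent;
    plain.refPointX = 5;
    int x = 0;
    return GetClientX(&plain, &x) ? 1 : 0;  // exits 0: the plain event is rejected
}
```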