Closed
Bug 1429175
Opened 6 years ago
Closed 6 years ago
Null crash [@ GetAsText]
Categories
(Core :: DOM: Editor, defect, P1)
Tracking
()
RESOLVED
DUPLICATE
of bug 1424450
People
(Reporter: jkratzer, Unassigned)
References
(Blocks 1 open bug)
Details
(Keywords: crash, testcase)
Crash Data
Attachments
(1 file, 1 obsolete file)
|
626 bytes,
text/html
|
Details |
Testcase found while fuzzing mozilla-central rev ca379fcca95b.
Testcase must be served by a local webserver in order to reproduce.
==12124==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x7f18eade296b bp 0x7fff816a3900 sp 0x7fff816a3680 T0)
==12124==The signal is caused by a READ memory access.
==12124==Hint: address points to the zero page.
#0 0x7f18eade296a in GetAsText /builds/worker/workspace/build/src/obj-firefox/dist/include/mozilla/dom/Text.h:46:10
#1 0x7f18eade296a in mozilla::WSRunObject::GetWSNodes() /builds/worker/workspace/build/src/editor/libeditor/WSRunObject.cpp:661
#2 0x7f18eade24a6 in mozilla::WSRunObject::WSRunObject(mozilla::HTMLEditor*, nsINode*, int) /builds/worker/workspace/build/src/editor/libeditor/WSRunObject.cpp:52:3
#3 0x7f18eac6738d in mozilla::HTMLEditRules::WillInsertText(EditAction, mozilla::dom::Selection*, bool*, bool*, nsTSubstring<char16_t> const*, nsTSubstring<char16_t>*, int) /builds/worker/workspace/build/src/editor/libeditor/HTMLEditRules.cpp:1492:21
#4 0x7f18eac63dc8 in mozilla::HTMLEditRules::WillDoAction(mozilla::dom::Selection*, mozilla::RulesInfo*, bool*, bool*) /builds/worker/workspace/build/src/editor/libeditor/HTMLEditRules.cpp:643:14
#5 0x7f18eadcf2c1 in mozilla::TextEditor::InsertText(nsTSubstring<char16_t> const&) /builds/worker/workspace/build/src/editor/libeditor/TextEditor.cpp:715:24
#6 0x7f18eac2173f in mozilla::InsertPlaintextCommand::DoCommandParams(char const*, nsICommandParams*, nsISupports*) /builds/worker/workspace/build/src/editor/libeditor/EditorCommands.cpp:1102:22
#7 0x7f18e8d2800c in nsControllerCommandTable::DoCommandParams(char const*, nsICommandParams*, nsISupports*) /builds/worker/workspace/build/src/dom/commandhandler/nsControllerCommandTable.cpp:162:26
#8 0x7f18e8d1e323 in DoCommandWithParams /builds/worker/workspace/build/src/dom/commandhandler/nsBaseCommandController.cpp:152:25
#9 0x7f18e8d1e323 in non-virtual thunk to nsBaseCommandController::DoCommandWithParams(char const*, nsICommandParams*) /builds/worker/workspace/build/src/dom/commandhandler/nsBaseCommandController.cpp
#10 0x7f18e8d247ea in nsCommandManager::DoCommand(char const*, nsICommandParams*, mozIDOMWindowProxy*) /builds/worker/workspace/build/src/dom/commandhandler/nsCommandManager.cpp:210:29
#11 0x7f18e926fe7a in nsHTMLDocument::ExecCommand(nsTSubstring<char16_t> const&, bool, nsTSubstring<char16_t> const&, nsIPrincipal&, mozilla::ErrorResult&) /builds/worker/workspace/build/src/dom/html/nsHTMLDocument.cpp:3317:18
#12 0x7f18e85f481c in mozilla::dom::HTMLDocumentBinding::execCommand(JSContext*, JS::Handle<JSObject*>, nsHTMLDocument*, JSJitMethodCallArgs const&) /builds/worker/workspace/build/src/obj-firefox/dom/bindings/HTMLDocumentBinding.cpp:855:21
#13 0x7f18e8993b87 in mozilla::dom::GenericBindingMethod(JSContext*, unsigned int, JS::Value*) /builds/worker/workspace/build/src/dom/bindings/BindingUtils.cpp:3042:13Flags: in-testsuite?
|
||
Updated•6 years ago
|
Crash Signature: [@ nsINode::GetAsText ]
Priority: -- → P1
|
||
Comment 1•6 years ago
|
||
I think this testcase is a bit more reliable and can be loaded from the filesystem as is.
Attachment #8941167 -
Attachment is obsolete: true
|
|
||
Updated•6 years ago
|
status-firefox60:
--- → affected
|
|
||
Updated•6 years ago
|
Crash Signature: [@ nsINode::GetAsText ] → [@ nsINode::GetAsText ]
[@ mozilla::HTMLEditRules::CreateStyleForInsertText ]
|
|
||
Comment 2•6 years ago
|
||
This may be same as bug 1424450
|
|
||
Comment 3•6 years ago
|
||
This is fixed by bug 1424450
Status: NEW → RESOLVED
Closed: 6 years ago
Resolution: --- → DUPLICATE
You need to log in
before you can comment on or make changes to this bug.
Description
•