Closed
Bug 1429175
Opened 6 years ago
Closed 6 years ago
Null crash [@ GetAsText]
Categories
(Core :: DOM: Editor, defect, P1)
RESOLVED
DUPLICATE
of bug 1424450
People
(Reporter: jkratzer, Unassigned)
References
(Blocks 1 open bug)
Details
(Keywords: crash, testcase)
Crash Data
Attachments
(1 file, 1 obsolete file)
626 bytes,
text/html
Testcase found while fuzzing mozilla-central rev ca379fcca95b. Testcase must be served by a local webserver in order to reproduce.

==12124==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x7f18eade296b bp 0x7fff816a3900 sp 0x7fff816a3680 T0)
==12124==The signal is caused by a READ memory access.
==12124==Hint: address points to the zero page.
    #0 0x7f18eade296a in GetAsText /builds/worker/workspace/build/src/obj-firefox/dist/include/mozilla/dom/Text.h:46:10
    #1 0x7f18eade296a in mozilla::WSRunObject::GetWSNodes() /builds/worker/workspace/build/src/editor/libeditor/WSRunObject.cpp:661
    #2 0x7f18eade24a6 in mozilla::WSRunObject::WSRunObject(mozilla::HTMLEditor*, nsINode*, int) /builds/worker/workspace/build/src/editor/libeditor/WSRunObject.cpp:52:3
    #3 0x7f18eac6738d in mozilla::HTMLEditRules::WillInsertText(EditAction, mozilla::dom::Selection*, bool*, bool*, nsTSubstring<char16_t> const*, nsTSubstring<char16_t>*, int) /builds/worker/workspace/build/src/editor/libeditor/HTMLEditRules.cpp:1492:21
    #4 0x7f18eac63dc8 in mozilla::HTMLEditRules::WillDoAction(mozilla::dom::Selection*, mozilla::RulesInfo*, bool*, bool*) /builds/worker/workspace/build/src/editor/libeditor/HTMLEditRules.cpp:643:14
    #5 0x7f18eadcf2c1 in mozilla::TextEditor::InsertText(nsTSubstring<char16_t> const&) /builds/worker/workspace/build/src/editor/libeditor/TextEditor.cpp:715:24
    #6 0x7f18eac2173f in mozilla::InsertPlaintextCommand::DoCommandParams(char const*, nsICommandParams*, nsISupports*) /builds/worker/workspace/build/src/editor/libeditor/EditorCommands.cpp:1102:22
    #7 0x7f18e8d2800c in nsControllerCommandTable::DoCommandParams(char const*, nsICommandParams*, nsISupports*) /builds/worker/workspace/build/src/dom/commandhandler/nsControllerCommandTable.cpp:162:26
    #8 0x7f18e8d1e323 in DoCommandWithParams /builds/worker/workspace/build/src/dom/commandhandler/nsBaseCommandController.cpp:152:25
    #9 0x7f18e8d1e323 in non-virtual thunk to nsBaseCommandController::DoCommandWithParams(char const*, nsICommandParams*) /builds/worker/workspace/build/src/dom/commandhandler/nsBaseCommandController.cpp
    #10 0x7f18e8d247ea in nsCommandManager::DoCommand(char const*, nsICommandParams*, mozIDOMWindowProxy*) /builds/worker/workspace/build/src/dom/commandhandler/nsCommandManager.cpp:210:29
    #11 0x7f18e926fe7a in nsHTMLDocument::ExecCommand(nsTSubstring<char16_t> const&, bool, nsTSubstring<char16_t> const&, nsIPrincipal&, mozilla::ErrorResult&) /builds/worker/workspace/build/src/dom/html/nsHTMLDocument.cpp:3317:18
    #12 0x7f18e85f481c in mozilla::dom::HTMLDocumentBinding::execCommand(JSContext*, JS::Handle<JSObject*>, nsHTMLDocument*, JSJitMethodCallArgs const&) /builds/worker/workspace/build/src/obj-firefox/dom/bindings/HTMLDocumentBinding.cpp:855:21
    #13 0x7f18e8993b87 in mozilla::dom::GenericBindingMethod(JSContext*, unsigned int, JS::Value*) /builds/worker/workspace/build/src/dom/bindings/BindingUtils.cpp:3042:13
Flags: in-testsuite?
Updated•6 years ago
Crash Signature: [@ nsINode::GetAsText ]
Priority: -- → P1
Comment 1•6 years ago
I think this testcase is a bit more reliable and can be loaded from the filesystem as is.
Attachment #8941167 -
Attachment is obsolete: true
Updated•6 years ago
status-firefox60:
--- → affected
Updated•6 years ago
Crash Signature: [@ nsINode::GetAsText ] → [@ nsINode::GetAsText ]
[@ mozilla::HTMLEditRules::CreateStyleForInsertText ]
Comment 2•6 years ago
This may be the same as bug 1424450.
Comment 3•6 years ago
This is fixed by bug 1424450
Status: NEW → RESOLVED
Closed: 6 years ago
Resolution: --- → DUPLICATE