nsImageBoxFrame::UpdateLoadFlags doesn't null check loader

RESOLVED FIXED

Status

()

Core
Layout: Images
RESOLVED FIXED
15 years ago
15 years ago

People

(Reporter: timeless, Assigned: Stuart Parmenter)

Tracking

({crash})

Trunk
x86
Windows 2000
crash

Details

Attachments

(1 attachment, 1 obsolete attachment)

(Reporter)

Description

15 years ago
###!!! ASSERTION: You can't dereference a NULL nsCOMPtr with operator->().

NTDLL! 77f9f9df()
nsDebug::Assertion(const char * 0x02c80ab4 `string', const char * 0x02c80af8
`string', const char * 0x02c8145c `string', int 650) line 280 + 13 bytes
nsDebug::PreCondition(const char * 0x02c80ab4 `string', const char * 0x02c80af8
`string', const char * 0x02c8145c `string', int 650) line 439 + 21 bytes
nsCOMPtr<imgILoader>::operator->() line 650 + 34 bytes
nsImageBoxFrame::UpdateImage(nsIPresContext * 0x01224028, int & 0) line 470 + 91
bytes
nsImageBoxFrame::Init(nsImageBoxFrame * const 0x03a17070, nsIPresContext *
0x01224028, nsIContent * 0x03a16bb0, nsIFrame * 0x039cc978, nsIStyleContext *
0x039cca6c, nsIFrame * 0x00000000) line 350
nsCSSFrameConstructor::InitAndRestoreFrame(nsIPresContext * 0x01224028,
nsFrameConstructorState & {...}, nsIContent * 0x03a16bb0, nsIFrame * 0x039cc978,
nsIStyleContext * 0x039cca6c, nsIFrame * 0x00000000, nsIFrame * 0x03a17070) line
6804 + 32 bytes
nsCSSFrameConstructor::ConstructXULFrame(nsIPresShell * 0x01290640,
nsIPresContext * 0x01224028, nsFrameConstructorState & {...}, nsIContent *
0x03a16bb0, nsIFrame * 0x039cc978, nsIAtom * 0x0111c398, int 8, nsIStyleContext
* 0x039cca6c, nsFrameItems & {...}, int 0, int & 0) line 5850
nsCSSFrameConstructor::ConstructFrameInternal(nsIPresShell * 0x01290640,
nsIPresContext * 0x01224028, nsFrameConstructorState & {...}, nsIContent *
0x03a16bb0, nsIFrame * 0x039cc978, nsIAtom * 0x0111c398, int 8, nsIStyleContext
* 0x039cca6c, nsFrameItems & {...}, int 0) line 7422 + 57 bytes
nsCSSFrameConstructor::ConstructFrame(nsIPresShell * 0x01290640, nsIPresContext
* 0x01224028, nsFrameConstructorState & {...}, nsIContent * 0x03a16bb0, nsIFrame
* 0x039cc978, nsFrameItems & {...}) line 7306 + 56 bytes
nsCSSFrameConstructor::ProcessChildren(nsIPresShell * 0x01290640, nsIPresContext
* 0x01224028, nsFrameConstructorState & {...}, nsIContent * 0x030ce048, nsIFrame
* 0x039cc978, int 0, nsFrameItems & {...}, int 0, nsTableCreator * 0x00000000)
line 12195 + 66 bytes
nsCSSFrameConstructor::ConstructXULFrame(nsIPresShell * 0x01290640,
nsIPresContext * 0x01224028, nsFrameConstructorState & {...}, nsIContent *
0x030ce048, nsIFrame * 0x039cc09c, nsIAtom * 0x01089b40, int 8, nsIStyleContext
* 0x039cc7bc, nsFrameItems & {...}, int 1, int & 0) line 5871 + 47 bytes
nsCSSFrameConstructor::ConstructFrameInternal(nsIPresShell * 0x01290640,
nsIPresContext * 0x01224028, nsFrameConstructorState & {...}, nsIContent *
0x030ce048, nsIFrame * 0x039cc09c, nsIAtom * 0x01089b40, int 8, nsIStyleContext
* 0x039cc7bc, nsFrameItems & {...}, int 1) line 7422 + 57 bytes
nsCSSFrameConstructor::ConstructFrameInternal(nsIPresShell * 0x01290640,
nsIPresContext * 0x01224028, nsFrameConstructorState & {...}, nsIContent *
0x030ce048, nsIFrame * 0x039cc09c, nsIAtom * 0x011f4420, int 8, nsIStyleContext
* 0x039cc7bc, nsFrameItems & {...}, int 0) line 7374 + 56 bytes
nsCSSFrameConstructor::ConstructFrame(nsIPresShell * 0x01290640, nsIPresContext
* 0x01224028, nsFrameConstructorState & {...}, nsIContent * 0x030ce048, nsIFrame
* 0x039cc09c, nsFrameItems & {...}) line 7306 + 56 bytes
nsCSSFrameConstructor::ProcessChildren(nsIPresShell * 0x01290640, nsIPresContext
* 0x01224028, nsFrameConstructorState & {...}, nsIContent * 0x030d2798, nsIFrame
* 0x039cc09c, int 0, nsFrameItems & {...}, int 0, nsTableCreator * 0x00000000)
line 12195 + 66 bytes
nsCSSFrameConstructor::ConstructXULFrame(nsIPresShell * 0x01290640,
nsIPresContext * 0x01224028, nsFrameConstructorState & {...}, nsIContent *
0x030d2798, nsIFrame * 0x03313c0c, nsIAtom * 0x011f3d78, int 8, nsIStyleContext
* 0x039cbe58, nsFrameItems & {...}, int 0, int & 0) line 5871 + 47 bytes
nsCSSFrameConstructor::ConstructFrameInternal(nsIPresShell * 0x01290640,
nsIPresContext * 0x01224028, nsFrameConstructorState & {...}, nsIContent *
0x030d2798, nsIFrame * 0x03313c0c, nsIAtom * 0x011f3d78, int 8, nsIStyleContext
* 0x039cbe58, nsFrameItems & {...}, int 0) line 7422 + 57 bytes
nsCSSFrameConstructor::ConstructFrame(nsIPresShell * 0x01290640, nsIPresContext
* 0x01224028, nsFrameConstructorState & {...}, nsIContent * 0x030d2798, nsIFrame
* 0x03313c0c, nsFrameItems & {...}) line 7306 + 56 bytes
nsCSSFrameConstructor::ContentInserted(nsCSSFrameConstructor * const 0x012904e8,
nsIPresContext * 0x01224028, nsIContent * 0x01194ce8, nsIContent * 0x030d2798,
int 31, nsILayoutHistoryState * 0x00000000, int 0) line 9213
StyleSetImpl::ContentInserted(StyleSetImpl * const 0x0129b150, nsIPresContext *
0x01224028, nsIContent * 0x01194ce8, nsIContent * 0x030d2798, int 31) line 1531
PresShell::ContentInserted(PresShell * const 0x01290648, nsIDocument *
0x01067cf0, nsIContent * 0x01194ce8, nsIContent * 0x030d2798, int 31) line 5290
+ 53 bytes
nsXBLBindingRequest::DocumentLoaded(nsIDocument * 0x03990910) line 181
nsXBLStreamListener::Load(nsXBLStreamListener * const 0x03434534, nsIDOMEvent *
0x01bc3600) line 442
nsEventListenerManager::HandleEvent(nsEventListenerManager * const 0x034345c8,
nsIPresContext * 0x00000000, nsEvent * 0x0012f850, nsIDOMEvent * * 0x0012f800,
nsIDOMEventTarget * 0x03990944, unsigned int 7, nsEventStatus * 0x0012f878) line
1860 + 41 bytes
nsDocument::HandleDOMEvent(nsDocument * const 0x03990910, nsIPresContext *
0x00000000, nsEvent * 0x0012f850, nsIDOMEvent * * 0x0012f800, unsigned int 7,
nsEventStatus * 0x0012f878) line 3509
nsXMLDocument::EndLoad(nsXMLDocument * const 0x03990910) line 559
nsXMLContentSink::DidBuildModel(nsXMLContentSink * const 0x03432780, int 0) line 434
nsExpatDriver::DidBuildModel(nsExpatDriver * const 0x0342e5f0, unsigned int 0,
int 1, nsIParser * 0x034330d0, nsIContentSink * 0x03432780) line 972 + 23 bytes
nsParser::DidBuildModel(unsigned int 0) line 1262 + 41 bytes
nsParser::ResumeParse(int 1, int 1, int 1) line 1811
nsParser::OnStopRequest(nsParser * const 0x034330d4, nsIRequest * 0x034326a8,
nsISupports * 0x00000000, unsigned int 0) line 2432 + 21 bytes
nsXBLStreamListener::OnStopRequest(nsXBLStreamListener * const 0x03434530,
nsIRequest * 0x034326a8, nsISupports * 0x00000000, unsigned int 0) line 326 + 38
bytes
nsJARChannel::OnStopRequest(nsJARChannel * const 0x034326ac, nsIRequest *
0x03434e1c, nsISupports * 0x00000000, unsigned int 0) line 606 + 49 bytes
nsOnStopRequestEvent::HandleEvent() line 213
nsARequestObserverEvent::HandlePLEvent(PLEvent * 0x031e81a4) line 116
PL_HandleEvent(PLEvent * 0x031e81a4) line 644 + 10 bytes
PL_ProcessPendingEvents(PLEventQueue * 0x00fc5638) line 574 + 9 bytes
_md_EventReceiverProc(HWND__ * 0x000304ca, unsigned int 49311, unsigned int 0,
long 16537144) line 1335 + 9 bytes
USER32! 77e13eb0()
USER32! 77e1401a()
USER32! 77e13f0f()
nsAppShellService::Run(nsAppShellService * const 0x010910f8) line 472
main1(int 1, char * * 0x00284570, nsISupports * 0x00276f08) line 1541 + 32 bytes
main(int 1, char * * 0x00284570) line 1902 + 37 bytes
mainCRTStartup() line 338 + 17 bytes
KERNEL32! 77e87903()

-	il	{...}
+	mRawPtr	0x00000000

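The statement in nsImageBoxFrame::UpdateImage that trips the assertion; the debugger output above shows that il's mRawPtr is null when operator-> is applied to it:

  il->LoadImage(srcURI, nsnull, documentURI, loadGroup, mListener, aPresContext,
mLoadFlags, nsnull, nsnull, getter_AddRefs(mImageRequest));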
(Reporter)

Comment 1

15 years ago
Created attachment 106581 [details] [diff] [review]
pass out the error
Nice attempt, but that function returns void :)

Just delete the " rv" part from the return statement, and it works.
Keywords: crash
(Reporter)

Comment 3

15 years ago
Created attachment 106814 [details] [diff] [review]
compiling patch
Attachment #106581 - Attachment is obsolete: true
(Reporter)

Updated

15 years ago
Attachment #106814 - Flags: superreview?(bzbarsky)
Attachment #106814 - Flags: review?(cbiesinger)
Attachment #106814 - Flags: superreview?(bzbarsky) → superreview+
Attachment #106814 - Flags: review?(cbiesinger) → review+
(Reporter)

Comment 4

15 years ago
checked in
Status: NEW → RESOLVED
Last Resolved: 15 years ago
Resolution: --- → FIXED