Closed
Bug 205063
Opened 22 years ago
Closed 17 years ago
assertion on indent, accessing invalid memory location
Categories
(Core :: DOM: Editor, defect, P4)
Tracking
()
RESOLVED
FIXED
People
(Reporter: KaiE, Assigned: smontagu)
Details
Attachments
(1 file, 2 obsolete files)
2.35 KB,
patch
|
mozeditor
:
review+
sfraser_bugs
:
superreview+
|
Details | Diff | Splinter Review |
Simon reported it, and I can reproduce.
Latest trunk, open new composer window, use "indent" toolbar button or command.
Actual behaviour:
- an assertion is shown, see stack trace below. The code in WillCSSIndent tries
to access the first entry in an array, although the array is empty. (reproducible)
- Simon sees the caret going to the "partially visible" state. I can not
reproduce that. But that could be a sideeffect of corrupting memory, caused by
the invalid array entry access.
nsVoidArray::ElementAt(int 0) line 72 + 35 bytes
nsCOMArray_base::ObjectAt(int 0) line 98
nsCOMArray<nsIDOMNode>::ObjectAt(int 0) line 147
nsCOMArray<nsIDOMNode>::operator[](int 0) line 152
nsHTMLEditRules::WillCSSIndent(nsISelection * 0x0573bf70, int * 0x0012d3ac, int
* 0x0012d3f4) line 3449 + 10 bytes
nsHTMLEditRules::WillIndent(nsISelection * 0x0573bf70, int * 0x0012d3ac, int *
0x0012d3f4) line 3368 + 20 bytes
nsHTMLEditRules::WillDoAction(nsHTMLEditRules * const 0x04661d54, nsISelection *
0x0573bf70, nsRulesInfo * 0x0012d3b4, int * 0x0012d3ac, int * 0x0012d3f4) line
548 + 23 bytes
nsHTMLEditor::Indent(nsHTMLEditor * const 0x055a44d8, const nsAString & {...})
line 2906 + 56 bytes
nsIndentCommand::DoCommand(nsIndentCommand * const 0x053e2078, const char *
0x05487378, nsISupports * 0x055a43f0) line 537 + 43 bytes
nsControllerCommandTable::DoCommand(nsControllerCommandTable * const 0x053678c8,
const char * 0x05487378, nsISupports * 0x055a43f0) line 191 + 31 bytes
nsBaseCommandController::DoCommand(nsBaseCommandController * const 0x05361090,
const char * 0x05487378) line 133
Assignee | ||
Comment 1•22 years ago
|
||
This patch removes the assertion and the caret problem for me.
Assignee | ||
Comment 2•22 years ago
|
||
Assignee | ||
Updated•22 years ago
|
Attachment #122877 -
Flags: superreview?(sfraser)
Attachment #122877 -
Flags: review?(jfrancis)
Assignee | ||
Comment 3•22 years ago
|
||
Correction: this patch doesn't always fix the caret problem :-(
Assignee | ||
Updated•22 years ago
|
Attachment #122877 -
Flags: superreview?(sfraser)
Attachment #122877 -
Flags: review?(jfrancis)
Assignee | ||
Comment 4•22 years ago
|
||
Attachment #122877 -
Attachment is obsolete: true
Attachment #122878 -
Attachment is obsolete: true
Updated•22 years ago
|
Attachment #122902 -
Flags: review+
Assignee | ||
Updated•22 years ago
|
Attachment #122902 -
Flags: superreview?(sfraser)
Assignee | ||
Comment 5•22 years ago
|
||
BTW, in case my last two comments are misleading, the last patch *still* doesn't
fix the cursor problem.
Updated•22 years ago
|
Attachment #122902 -
Flags: superreview?(sfraser) → superreview+
Updated•18 years ago
|
QA Contact: bugzilla → editor
Updated•17 years ago
|
Flags: blocking1.9?
Updated•17 years ago
|
Flags: blocking1.9? → blocking1.9+
Priority: -- → P4
Comment 7•17 years ago
|
||
What's the status of this, four years later?
Assignee | ||
Comment 8•17 years ago
|
||
The same change was checked in by dbaron in bug 96108
http://bonsai.mozilla.org/cvsview2.cgi?diff_mode=context&whitespace_mode=show&file=nsHTMLEditRules.cpp&branch=&root=/cvsroot&subdir=mozilla/editor/libeditor/html&command=DIFF_FRAMESET&rev1=1.314&rev2=1.315
Status: NEW → RESOLVED
Closed: 17 years ago
Resolution: --- → FIXED
You need to log in
before you can comment on or make changes to this bug.
Description
•