Closed Bug 207145 Opened 21 years ago Closed 21 years ago

nsTableRowGroupFrame::InitRepeatedFrame looks pretty dangerous

Categories

(Core :: Layout: Tables, defect)

x86
Windows 98
defect
Not set
normal

Tracking

()

RESOLVED FIXED

People

(Reporter: bernd_mozilla, Assigned: bernd_mozilla)

References

()

Details

Attachments

(1 file)

it assumes that each kidFrame has the desired type and that all arguments are valid.
It appeared as crash pattern already for M1RC2 and is still at
http://ftp.mozilla.org/pub/data/crash-data/Trunk-topcrashers.html.
Attached patch patchSplinter Review
Attachment #124689 - Flags: review?(jkeiser)
Comment on attachment 124689 [details] [diff] [review]
patch

Nice change.  Two things:

At your option, you might want to condense this so that the variable
initializations and declarations are on the same line:

+    nsTableCellFrame* originalCellFrame;
+    nsTableCellFrame* copyCellFrame;
+    originalCellFrame = originalRowFrame->GetFirstCell();
+    copyCellFrame     = copyRowFrame->GetFirstCell();

I think you meant while (originalCellFrame && copyCellFrame) here:

+    while (copyCellFrame && copyCellFrame) {

With those changes, r=me
Attachment #124689 - Flags: review?(jkeiser) → review+
Attachment #124689 - Flags: superreview?(kin)
Comment on attachment 124689 [details] [diff] [review]
patch

sr=kin@netscape.com with jkeiser's copyCellFrame to originalCellFrame request.
Attachment #124689 - Flags: superreview?(kin) → superreview+
fix checked in
Status: NEW → RESOLVED
Closed: 21 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: