Closed Bug 210298 Opened 22 years ago Closed 22 years ago

Malformed XBL methods cause crash

Categories

(Core :: XBL, defect)

Product:
Core
Component:
XBL
Platform:
x86
Linux
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

()

Status:
RESOLVED FIXED

People

(Reporter: enndeakin, Assigned: hyatt)

Details

Attachments

(1 file, 1 obsolete file)

patch with above issues fixed
1.68 KB, patch
Details | Diff | Splinter Review
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.4a) Gecko/20030401 Build Identifier: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.4a) Gecko/20030401 An xbl method without a name and/or body causes a crash. The following are examples: <method> dump('crash\n"); </method> <method name="fred1"> dump('crash\n"); </method> <method name="fred2"><parameter name="bob"/></method> Reproducible: Always Steps to Reproduce: I have a patch.
Attached patch Fix crashes (obsolete) — Splinter Review
Comment on attachment 126248 [details] [diff] [review] Fix crashes >- else { >+ else if (mUncompiledMethod) { > delete mUncompiledMethod; This change should not be needed -- delete is null-safe. sr=me otherwise.
Attachment #126248 - Flags: superreview+
Attachment #126248 - Flags: review?(bryner)
Comment on attachment 126248 [details] [diff] [review] Fix crashes > else if (mSecondaryState == eXBL_InBody) { > // Get the text and add it to the method >- mMethod->AppendBodyText(text); >+ if (mMethod) mMethod->AppendBodyText(text); |if| body on the next line, please. >Index: content/xbl/src/nsXBLProtoImplMethod.cpp >=================================================================== >RCS file: /cvsroot/mozilla/content/xbl/src/nsXBLProtoImplMethod.cpp,v >retrieving revision 1.4 >diff -u -r1.4 nsXBLProtoImplMethod.cpp >--- content/xbl/src/nsXBLProtoImplMethod.cpp 28 Feb 2003 01:04:37 -0000 1.4 >+++ content/xbl/src/nsXBLProtoImplMethod.cpp 22 Jun 2003 20:05:17 -0000 >@@ -119,7 +119,7 @@ > RemoveJSGCRoot(&mJSMethodObject); > mJSMethodObject = nsnull; > } >- else { >+ else if (mUncompiledMethod) { > delete mUncompiledMethod; > mUncompiledMethod = nsnull; > } |delete| is null-safe; this change shouldn't really be needed. r=bryner with those changes.
Attachment #126248 - Flags: review?(bryner) → review+
Attachment #126248 - Attachment is obsolete: true
Patch updated a tad and checked in (on the assumption that Neil does not have CVS access). Neil, next time please mail me if you need something to check in, so it doesn't get lost....
Status: UNCONFIRMED → RESOLVED
Closed: 22 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: