[FIXr]Mozilla crashes if document.getBoxObjectFor() is called with an undefined parameter

RESOLVED FIXED in mozilla1.7beta

Status

()

Core
DOM
P2
critical
RESOLVED FIXED
15 years ago
5 years ago

People

(Reporter: Wladimir Palant, Assigned: bz)

Tracking

Trunk
mozilla1.7beta
Points:
---

Firefox Tracking Flags

(Not tracked)

Details

(URL)

Attachments

(1 attachment)

(Reporter)

Description

15 years ago
User-Agent:       
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7a) Gecko/20040211

There is some problem with the parameter check in document.getBoxObjectFor(),
Mozilla crashes when getBoxObjectFor() is called with an undefined value as a
parameter. That's what Windows XP shows about the crash: 

AppName: mozilla.exe	 AppVer: 1.7.20040.21109	 ModName: gklayout.dll
ModVer: 1.7.20040.21109	 Offset: 00118b23

The Incident ID is TB30286417Y (produced with Mozilla 1.4 Build 2003062408 -
somehow I can't make the feedback agent work with the newer releases).

Reproducible: Always
Steps to Reproduce:
1. Open the JavaScript URL
Actual Results:  
The browser crashes
(Reporter)

Comment 1

15 years ago
Ok, it doesn't have to be undefined, can be null as well (I suppose it is both
converted into NULL in C++ code). The following two function calls produce a
crash as well:

document.addBinding(null,'')
document.removeBinding(null,'')
Attachment #141408 - Flags: superreview?(jst)
Attachment #141408 - Flags: review?(jst)
Comment on attachment 141408 [details] [diff] [review]
Null-checks

r+sr=jst
Attachment #141408 - Flags: superreview?(jst)
Attachment #141408 - Flags: superreview+
Attachment #141408 - Flags: review?(jst)
Attachment #141408 - Flags: review+
Assignee: general → bzbarsky
Status: UNCONFIRMED → NEW
Ever confirmed: true
OS: Windows XP → All
Priority: -- → P2
Hardware: PC → All
Summary: Mozilla crashes if document.getBoxObjectFor() is called with an undefined parameter → [FIXr]Mozilla crashes if document.getBoxObjectFor() is called with an undefined parameter
Target Milestone: --- → mozilla1.7beta
Fix checked in for 1.7b
Status: NEW → RESOLVED
Last Resolved: 15 years ago
Resolution: --- → FIXED
Component: DOM: Mozilla Extensions → DOM
Product: Core → Core
You need to log in before you can comment on or make changes to this bug.