All users were logged out of Bugzilla on October 13th, 2018

[FIX]Crash in XBL when <handlers> comes inside <implementation>

RESOLVED FIXED in mozilla1.8alpha6

Status

()

P1
critical
RESOLVED FIXED
14 years ago
13 years ago

People

(Reporter: bzbarsky, Assigned: bzbarsky)

Tracking

({crash})

Trunk
mozilla1.8alpha6
crash
Points:
---

Firefox Tracking Flags

(Not tracked)

Details

Attachments

(3 attachments)

(Assignee)

Description

14 years ago
This was a case overlooked by the patch in bug 223799.

The basic problem is that we open <implementation> in the XBL sink (but not the
XML one.  Then we try to open <handlers>, go into error mode, and stop doing
weird XBL stuff... so when </implementation> comes around we actually close it
in the XML sink (which doesn't check whether the right thing is being closed,
because expat wouldn't allow the wrong thing to be closed).  Then when we try to
close <bindings> we crash (or rather PR_ASSERT, but the result is the same) in
nsXMLContentSink::HandleEndElement because we've already closed the document
element.
(Assignee)

Comment 1

14 years ago
Created attachment 162669 [details]
XBL for testcase
(Assignee)

Comment 2

14 years ago
Created attachment 162670 [details]
HTML for testcase
(Assignee)

Updated

14 years ago
Attachment #162721 - Flags: superreview?(jst)
Attachment #162721 - Flags: review?(bryner)
(Assignee)

Updated

14 years ago
Priority: -- → P1
Summary: Crash in XBL when <handlers> comes inside <implementation> → [FIX]Crash in XBL when <handlers> comes inside <implementation>
Target Milestone: --- → mozilla1.8alpha5
Comment on attachment 162721 [details] [diff] [review]
Patch

sr=jst
Attachment #162721 - Flags: superreview?(jst) → superreview+
*** Bug 219006 has been marked as a duplicate of this bug. ***
Attachment #162721 - Flags: review?(bryner) → review+
(Assignee)

Comment 6

14 years ago
Fix checked in.
Status: NEW → RESOLVED
Last Resolved: 14 years ago
Resolution: --- → FIXED
Target Milestone: mozilla1.8alpha5 → mozilla1.8alpha6
*** Bug 253376 has been marked as a duplicate of this bug. ***
You need to log in before you can comment on or make changes to this bug.