272879 - context menu related to evil theme from bug 272807 caused crash [@ nsScriptSecurityManager::GetScriptPrincipal]

Status: RESOLVED WONTFIX

(Core :: Security: CAPS, defect, P5)

Description

[timeless]

Incident ID: 2296016
Stack Signature	nsScriptSecurityManager::GetScriptPrincipal c1972148
Product ID	Firefox10
Build ID	2004110711
Trigger Time	2004-12-01 10:54:33.0
Platform	Win32
Operating System	Windows NT 5.1 build 2600
Module	firefox.exe + (000a23be)
URL visited	
User Comments	Right clicked on custom theme after installation.
Since Last Crash	5857 sec
Total Uptime	24650 sec
Trigger Reason	Access violation
Source File, Line No.
d:/builds/tinderbox/firefox-1.0/WINNT_5.0_Clobber/mozilla/caps/src/nsScriptSecurityManager.cpp,
line 1784
Stack Trace 	
nsScriptSecurityManager::GetScriptPrincipal 
[d:/builds/tinderbox/firefox-1.0/WINNT_5.0_Clobber/mozilla/caps/src/nsScriptSecurityManager.cpp,
line 1784]
nsScriptSecurityManager::GetFramePrincipal 
[d:/builds/tinderbox/firefox-1.0/WINNT_5.0_Clobber/mozilla/caps/src/nsScriptSecurityManager.cpp,
line 1830]
nsScriptSecurityManager::IsCapabilityEnabled 
[d:/builds/tinderbox/firefox-1.0/WINNT_5.0_Clobber/mozilla/caps/src/nsScriptSecurityManager.cpp,
line 2024]
nsEventStateManager::DispatchNewEvent 
[d:/builds/tinderbox/firefox-1.0/WINNT_5.0_Clobber/mozilla/content/events/src/nsEventStateManager.cpp,
line 4570]
nsBoxFrame::FireDOMEvent 
[d:/builds/tinderbox/firefox-1.0/WINNT_5.0_Clobber/mozilla/layout/xul/base/src/nsBoxFrame.cpp,
line 2640]
nsMenuFrame::SelectMenu 
[d:/builds/tinderbox/firefox-1.0/WINNT_5.0_Clobber/mozilla/layout/xul/base/src/nsMenuFrame.cpp,
line 594]
nsMenuPopupFrame::SetCurrentMenuItem 
[d:/builds/tinderbox/firefox-1.0/WINNT_5.0_Clobber/mozilla/layout/xul/base/src/nsMenuPopupFrame.cpp,
line 1495]
nsMenuFrame::HandleEvent 
[d:/builds/tinderbox/firefox-1.0/WINNT_5.0_Clobber/mozilla/layout/xul/base/src/nsMenuFrame.cpp,
line 501]
PresShell::HandleEventInternal 
[d:/builds/tinderbox/firefox-1.0/WINNT_5.0_Clobber/mozilla/layout/html/base/src/nsPresShell.cpp,
line 6103]
PresShell::HandleEvent 
[d:/builds/tinderbox/firefox-1.0/WINNT_5.0_Clobber/mozilla/layout/html/base/src/nsPresShell.cpp,
line 5921]
nsViewManager::HandleEvent 
[d:/builds/tinderbox/firefox-1.0/WINNT_5.0_Clobber/mozilla/view/src/nsViewManager.cpp,
line 2326]
nsViewManager::DispatchEvent 
[d:/builds/tinderbox/firefox-1.0/WINNT_5.0_Clobber/mozilla/view/src/nsViewManager.cpp,
line 2066]
HandleEvent 
[d:/builds/tinderbox/firefox-1.0/WINNT_5.0_Clobber/mozilla/view/src/nsView.cpp,
line 77]
nsWindow::DispatchEvent 
[d:/builds/tinderbox/firefox-1.0/WINNT_5.0_Clobber/mozilla/widget/src/windows/nsWindow.cpp,
line 1067]
nsWindow::DispatchMouseEvent 
[d:/builds/tinderbox/firefox-1.0/WINNT_5.0_Clobber/mozilla/widget/src/windows/nsWindow.cpp,
line 5261]
ChildWindow::DispatchMouseEvent 
[d:/builds/tinderbox/firefox-1.0/WINNT_5.0_Clobber/mozilla/widget/src/windows/nsWindow.cpp,
line 5511]
nsWindow::WindowProc 
[d:/builds/tinderbox/firefox-1.0/WINNT_5.0_Clobber/mozilla/widget/src/windows/nsWindow.cpp,
line 1349]
USER32.dll + 0x8709 (0x77d48709)
USER32.dll + 0x87eb (0x77d487eb)
USER32.dll + 0x89a5 (0x77d489a5)
USER32.dll + 0x89e8 (0x77d489e8)
nsAppShell::Run 
[d:/builds/tinderbox/firefox-1.0/WINNT_5.0_Clobber/mozilla/widget/src/windows/nsAppShell.cpp,
line 159]
nsAppShellService::Run 
[d:/builds/tinderbox/firefox-1.0/WINNT_5.0_Clobber/mozilla/xpfe/appshell/src/nsAppShellService.cpp,
line 495]
main 
[d:/builds/tinderbox/firefox-1.0/WINNT_5.0_Clobber/mozilla/browser/app/nsBrowserApp.cpp,
line 58]
kernel32.dll + 0x16d4f (0x7c816d4f)

Comment 1

[Wayne Mery (:wsmwk)]

Might this exact crash be gone?

THere is a crash nsScriptSecurityManager::GetScriptPrincipal(JSContext*, JSScript*, unsigned int*) eg bp-08f82ae4-a844-48a7-af0c-7c7732091218 (3.6b1) but the stack doesn't resemble comment 0 stack.

Comment 2

[Sylvestre Ledru [:Sylvestre]]

Closing because no crash reported since 12 weeks.