Closed Bug 281096 Opened 20 years ago Closed 5 years ago

OOM check is missing [@nsStyleContext::SetStyle]

Categories

(Core :: CSS Parsing and Computation, defect)

defect
Not set
normal

RESOLVED WORKSFORME

People

(Reporter: dewildt, Unassigned)

Details

(Keywords: crash, helpwanted)

Crash Data

Either nsResetStyleData or nsInheritedStyleData is instantiated in
nsStyleContext::SetStyle. Their addresses are used as offsets to store data,
which results in a crash.
So just a null-check and return for resetOrInherit inside the
|if (!resetOrInherit)| code before exiting the conditional should fix this, right?

That may leak the struct, though....
OS: Windows XP → All
Hardware: PC → All
Keywords: helpwanted
Assignee: dbaron → nobody
QA Contact: ian → style-system
I crashed on this too: TB32772972Z

FIREFOX caused an invalid page fault in module FIREFOX.EXE at 0167:00655dfd.
Registers:
EAX=00000000 CS=0167 EIP=00655dfd EFLGS=00010246
EBX=04fed93c SS=016f ESP=00d8e668 EBP=00d8e698
ECX=00000018 DS=016f ESI=04690918 FS=0e47
EDX=04690918 ES=016f EDI=05453a10 GS=0000
Bytes at CS:EIP:
89 14 08 c2 08 00 55 8b ec 51 53 56 8b f1 57 bf 
Stack dump:
0063277b 0000000b 04690918 00b0ab8c 04fed93c 04feda54 00000000 00000000 04fed93c 00000800 04fed93c 00000000 00d8e72c 00631f28 0000000b 05453a10
TB37790306X
These are allocated with |new|, right?  I thought we didn't have to null-check |new|.
I think we're not there yet, but will be soon.
Crash Signature: [@nsStyleContext::SetStyle]

Closing because no crashes reported for 12 weeks.

Status: NEW → RESOLVED
Closed: 5 years ago
Resolution: --- → WORKSFORME
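
The null check proposed in the comments, together with the leak concern raised about it, as an added example that is not Mozilla's code: a simplified model in which SetStyle takes ownership of the struct, so the failure path frees it instead of leaking it. Only the names SetStyle and resetOrInherit come from the bug; Context, ResetData, StyleStruct, simulateOOM and the use of `new (std::nothrow)` are assumptions made for illustration.

```cpp
#include <cstddef>
#include <cstdio>
#include <memory>
#include <new>
#include <utility>

int g_live = 0;  // number of live StyleStruct objects, used to show nothing leaks

struct StyleStruct {  // stands in for one computed style struct (hypothetical)
  StyleStruct() { ++g_live; }
  ~StyleStruct() { --g_live; }
};

struct ResetData {  // stands in for nsResetStyleData / nsInheritedStyleData
  std::unique_ptr<StyleStruct> slots[4];
};

struct Context {  // simplified model of a style context (hypothetical)
  std::unique_ptr<ResetData> resetOrInherit;  // created lazily by SetStyle
  bool simulateOOM = false;                   // constructed hook to force the failure path

  ResetData* Alloc() {
    // Assumption: a fallible allocator that returns null instead of aborting.
    return simulateOOM ? nullptr : new (std::nothrow) ResetData();
  }

  // Owns `s` on every path: if we return early, the parameter's destructor frees it.
  bool SetStyle(std::size_t slot, std::unique_ptr<StyleStruct> s) {
    if (slot >= 4) return false;
    if (!resetOrInherit) {
      resetOrInherit.reset(Alloc());
      if (!resetOrInherit) return false;  // the OOM check: never index off a null base
    }
    resetOrInherit->slots[slot] = std::move(s);
    return true;
  }
};

int main() {
  Context c;
  c.simulateOOM = true;
  bool ok = c.SetStyle(1, std::unique_ptr<StyleStruct>(new StyleStruct));
  std::printf("stored=%d live=%d\n", ok, g_live);
  return 0;
}
```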