Closed
Bug 309599
Opened 19 years ago
Closed 19 years ago
crash in nsIHTMLEditor::insertHTML
Categories
(Core :: DOM: Editor, defect)
Tracking
()
RESOLVED
FIXED
People
(Reporter: surkov, Assigned: martijn.martijn)
References
Details
(4 keywords)
Attachments
(3 files)
981 bytes,
application/vnd.mozilla.xul+xml
|
Details | |
1.17 KB,
application/vnd.mozilla.xul+xml
|
Details | |
1.27 KB,
patch
|
Brade
:
review+
jst
:
superreview+
jst
:
approval-branch-1.8.1+
jay
:
approval1.8.0.4+
|
Details | Diff | Splinter Review |
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.8b4) Gecko/20050908 Firefox/1.4
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.8b4) Gecko/20050908 Firefox/1.4
nsIHTMLEditor.insertHTML("") crashes mozilla.
Reproducible: Always
Reporter | ||
Comment 1•19 years ago
|
||
Comment 2•19 years ago
|
||
The insertHTML dialog for Composer does a null-check for this case, see
http://lxr.mozilla.org/mozilla/source/editor/ui/dialogs/content/EdInsSrc.js#72.
If you mess around with interfaces which directly interact with the engine, i
think you should do things like null-check yourself...
Reporter | ||
Comment 3•19 years ago
|
||
(In reply to comment #2)
> The insertHTML dialog for Composer does a null-check for this case, see
> http://lxr.mozilla.org/mozilla/source/editor/ui/dialogs/content/EdInsSrc.js#72.
> If you mess around with interfaces which directly interact with the engine, i
> think you should do things like null-check yourself...
When I got a crash then I begun to check incorrect values. But I belive mozilla
should not be crashed in any case.
Assignee | ||
Comment 4•19 years ago
|
||
Same as previous testcase, but with enableprivilege for easy testing the crash.
Assignee | ||
Comment 5•19 years ago
|
||
According to bug 309459, comment 4:
"Crashing is always a bug. In this case, visitEntries should be null-checking its
argument."
So that would make this a genuine bug, not?
Assignee | ||
Updated•19 years ago
|
Assignee: mozeditor → martijn.martijn
Assignee | ||
Comment 7•19 years ago
|
||
Not sure, but I guess some code in EdInsSrc.js could be removed also, if the patch is fine.
Comment 8•19 years ago
|
||
Comment on attachment 215754 [details] [diff] [review]
patch
Sorry, I don't really understand this code; try brade or glazou perhaps?
Attachment #215754 -
Flags: review?(neil)
Assignee | ||
Updated•19 years ago
|
Attachment #215754 -
Flags: review?(brade)
Comment 9•19 years ago
|
||
Comment on attachment 215754 [details] [diff] [review]
patch
r=brade
Attachment #215754 -
Flags: review?(brade) → review+
Assignee | ||
Updated•19 years ago
|
Attachment #215754 -
Flags: superreview?(jst)
Comment 10•19 years ago
|
||
Comment on attachment 215754 [details] [diff] [review]
patch
sr=jst (and please land on the 1.8.1 branch too)
Attachment #215754 -
Flags: superreview?(jst)
Attachment #215754 -
Flags: superreview+
Attachment #215754 -
Flags: approval-branch-1.8.1+
Assignee | ||
Comment 11•19 years ago
|
||
Checking in editor/libeditor/html/nsHTMLDataTransfer.cpp;
/cvsroot/mozilla/editor/libeditor/html/nsHTMLDataTransfer.cpp,v <-- nsHTMLData
Transfer.cpp
new revision: 1.115; previous revision: 1.114
done
Fixed on trunk.
Status: NEW → RESOLVED
Closed: 19 years ago
Resolution: --- → FIXED
Comment 12•19 years ago
|
||
Checked in on the 1.8 branch.
mozilla/editor/libeditor/html/nsHTMLDataTransfer.cpp; new revision: 1.110.2.2;
OS: Windows 2000 → All
Hardware: PC → All
Target Milestone: --- → mozilla1.8.1
Updated•19 years ago
|
Keywords: fixed1.8.1
Assignee | ||
Comment 13•19 years ago
|
||
Johnny, should I ask for approval 1.8.0.3?
Bug 331275 is a recent regression in the 1.8 branch, that gets fixed by this patch.
See bug 331275, comment 4, 306 crashes found in the old database for Thunderbird.
I think the patch is safe, not?
OS: All → Windows 2000
Hardware: All → PC
Target Milestone: mozilla1.8.1 → ---
Assignee | ||
Updated•19 years ago
|
Attachment #215754 -
Flags: approval1.8.0.3?
Comment 14•19 years ago
|
||
Comment on attachment 215754 [details] [diff] [review]
patch
Please check in promptly on the 1.8.0 branch. Thanks!
Attachment #215754 -
Flags: approval1.8.0.3? → approval1.8.0.3+
Comment 15•19 years ago
|
||
Checked in on the 1.8.0 branch.
mozilla/editor/libeditor/html/nsHTMLDataTransfer.cpp 1.110.2.1.4.1
Keywords: fixed1.8.0.4
Version: Trunk → 1.8 Branch
Comment 16•19 years ago
|
||
verified using Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.4) Gecko/20060508 Firefox/1.5.0.4. No crash using either testcase.
Keywords: fixed1.8.0.4 → verified1.8.0.4
Comment 17•19 years ago
|
||
*** Bug 334883 has been marked as a duplicate of this bug. ***
You need to log in
before you can comment on or make changes to this bug.
Description
•