Closed Bug 309599 Opened 17 years ago Closed 16 years ago
crash in ns
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.8b4) Gecko/20050908 Firefox/1.4 Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.8b4) Gecko/20050908 Firefox/1.4 nsIHTMLEditor.insertHTML("") crashes mozilla. Reproducible: Always
The insertHTML dialog for Composer does a null-check for this case, see http://lxr.mozilla.org/mozilla/source/editor/ui/dialogs/content/EdInsSrc.js#72. If you mess around with interfaces which directly interact with the engine, i think you should do things like null-check yourself...
(In reply to comment #2) > The insertHTML dialog for Composer does a null-check for this case, see > http://lxr.mozilla.org/mozilla/source/editor/ui/dialogs/content/EdInsSrc.js#72. > If you mess around with interfaces which directly interact with the engine, i > think you should do things like null-check yourself... When I got a crash then I begun to check incorrect values. But I belive mozilla should not be crashed in any case.
Same as previous testcase, but with enableprivilege for easy testing the crash.
According to bug 309459, comment 4: "Crashing is always a bug. In this case, visitEntries should be null-checking its argument." So that would make this a genuine bug, not?
Status: UNCONFIRMED → NEW
Ever confirmed: true
This fixes it for me.
Not sure, but I guess some code in EdInsSrc.js could be removed also, if the patch is fine.
Comment on attachment 215754 [details] [diff] [review] patch Sorry, I don't really understand this code; try brade or glazou perhaps?
Comment on attachment 215754 [details] [diff] [review] patch r=brade
Attachment #215754 - Flags: review?(brade) → review+
Comment on attachment 215754 [details] [diff] [review] patch sr=jst (and please land on the 1.8.1 branch too)
Checking in editor/libeditor/html/nsHTMLDataTransfer.cpp; /cvsroot/mozilla/editor/libeditor/html/nsHTMLDataTransfer.cpp,v <-- nsHTMLData Transfer.cpp new revision: 1.115; previous revision: 1.114 done Fixed on trunk.
Status: NEW → RESOLVED
Closed: 16 years ago
Resolution: --- → FIXED
Checked in on the 1.8 branch. mozilla/editor/libeditor/html/nsHTMLDataTransfer.cpp; new revision: 18.104.22.168;
OS: Windows 2000 → All
Hardware: PC → All
Target Milestone: --- → mozilla1.8.1
Johnny, should I ask for approval 22.214.171.124? Bug 331275 is a recent regression in the 1.8 branch, that gets fixed by this patch. See bug 331275, comment 4, 306 crashes found in the old database for Thunderbird. I think the patch is safe, not?
OS: All → Windows 2000
Hardware: All → PC
Target Milestone: mozilla1.8.1 → ---
Comment on attachment 215754 [details] [diff] [review] patch Please check in promptly on the 1.8.0 branch. Thanks!
Attachment #215754 - Flags: approval126.96.36.199? → approval188.8.131.52+
Checked in on the 1.8.0 branch. mozilla/editor/libeditor/html/nsHTMLDataTransfer.cpp 184.108.40.206.4.1
Version: Trunk → 1.8 Branch
verified using Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:220.127.116.11) Gecko/20060508 Firefox/18.104.22.168. No crash using either testcase.
*** Bug 334883 has been marked as a duplicate of this bug. ***
You need to log in before you can comment on or make changes to this bug.