Closed Bug 316636 Opened 19 years ago Closed 19 years ago

Crash [@ nsRect::nsRect(const nsRect & {...}) line 56]

Categories

(Core :: Layout, defect)

x86
Windows XP
defect
Not set
major

Tracking

VERIFIED FIXED

People

(Reporter: bc, Assigned: bernd_mozilla)

Details

(Keywords: crash, verified1.8.0.1, verified1.8.1, Whiteboard: [sg:nse] null dereference)

Attachments

(2 files)

More proof this is probably the same as bug 310426: it doesn't crash with the 2005-09-20 build, but crashes with the 2005-09-21 build (which is the same regression range as bug 310505, which is essentially a dupe of bug 310426).
Depends on: 310426
realCell is null on line 2318 of nsTableFrame.cpp. Adding a null check to the if(realCell != lastCell) line above would stop the crash, but I have no idea if it's the right thing to do: Are null cells something normal this code should be coping with, or is the fact we have a null cell the real problem?
Keywords: crash
Whiteboard: [sg:nse] null dereference
The code is simply wrong; it is seldom executed, so it's a very old bug.
Assignee: nobody → bernd_mozilla
Status: UNCONFIRMED → NEW
No longer depends on: 310426
Ever confirmed: true
Attached patch: patch
This makes the code more symmetric to http://lxr.mozilla.org/mozilla/source/layout/tables/nsTableFrame.cpp#2444
Attachment #204294 - Flags: superreview?(bzbarsky)
Attachment #204294 - Flags: review?(bzbarsky)
Attachment #204294 - Flags: superreview?(bzbarsky) → superreview+
Attachment #204294 - Flags: review?(bzbarsky) → review+
Fix checked in. Martijn, could you please test with a build that has the patch and open a new bug with the security flag and a new stack trace?
Status: NEW → RESOLVED
Closed: 19 years ago
Resolution: --- → FIXED
Ok, I filed bug 318451.
Comment on attachment 204294
patch

Low-risk null check, I think it's branch-worthy. If not 1.8.0.1, then 1.8.1 (or how you name it) for sure.
Attachment #204294 - Flags: approval1.8.0.1?
Blocks: 318451
Comment on attachment 204294
patch

Please land in both 1.8.1 and 1.8.0 branches.
Attachment #204294 - Flags: approval1.8.1+
Attachment #204294 - Flags: approval1.8.0.1? → approval1.8.0.1+
fixed on branches
Verified the _specified_ crash no longer occurs on Windows with 1.8.0.1. Firefox 1.5.0.1 hangs now and requires the process to be killed. Trunk crashes with a newer, uglier stack, which appears in bug 322704.
Verified no crash with the testcase on 1.8.0.1, 1.8.1, 1.9a1 on Windows.
Status: RESOLVED → VERIFIED
Flags: testcase?
Flags: testcase? → testcase+
Whiteboard: [sg:nse] null dereference → [sg:nse] null dereference. random-styles
Flags: in-testsuite+ → in-testsuite?
Whiteboard: [sg:nse] null dereference. random-styles → [sg:nse] null dereference
Group: security
crash test landed
http://hg.mozilla.org/mozilla-central/rev/4d671f0bafad
Flags: in-testsuite? → in-testsuite+
Crash Signature: [@ nsRect::nsRect(const nsRect & {...}) line 56]