Closed
Bug 321494
Opened 19 years ago
Closed 19 years ago
ASSERTION: Unexpected JSContext popped!, ASSERTION: ThreadJSContextStack underflow due to missing early return
Categories
(Core :: Layout: Form Controls, defect, P1)
Tracking
()
RESOLVED
FIXED
mozilla1.9alpha1
People
(Reporter: bc, Assigned: bzbarsky)
References
()
Details
(Keywords: fixed1.8.0.1, fixed1.8.1)
Attachments
(1 file)
1.32 KB,
patch
|
sicking
:
review+
brendan
:
superreview+
dveditz
:
approval1.8.0.1+
dveditz
:
approval1.8.1+
|
Details | Diff | Splinter Review |
From bug 285755 comment 8: the ensuing assertions are due to a bug in the patch for bug 287446. An early return that should be there got lost. :( We should probably file a separate bug on that and fix it on the 1.8 branches... :(
Reporter | ||
Updated•19 years ago
|
Flags: blocking1.8.1?
Flags: blocking1.8.0.1?
Assignee | ||
Updated•19 years ago
|
Comment 1•19 years ago
|
||
What negative effects come from this? The testcase URL is WFM for bsmedberg. Need a baked patch to consider for 1.8.0.1
Flags: blocking1.8.0.1? → blocking1.8.0.1-
Assignee | ||
Comment 2•19 years ago
|
||
This is dead-simple. Should have been in the original checkin. If we ever hit this code without this patch, we'll probably end up with a security hole (since the right jscontext won't be on the stack). There's zero risk here; I really think we should take this for 1.8.0.1.
Attachment #207771 -
Flags: superreview?(jst)
Attachment #207771 -
Flags: review?(jst)
Attachment #207771 -
Flags: approval1.8.1?
Attachment #207771 -
Flags: approval1.8.0.1?
Assignee | ||
Comment 3•19 years ago
|
||
Renominating for 1.8.0.1. I really think we should take this on branch... possibly even if it means an extra day in the cycle to give this more bake time if drivers want more bake time. See comment 2 for details.
Flags: blocking1.8.0.1- → blocking1.8.0.1?
Comment 4•19 years ago
|
||
Comment on attachment 207771 [details] [diff] [review] Patch sr=me, jst would agree. /be
Attachment #207771 -
Flags: superreview?(jst) → superreview+
Attachment #207771 -
Flags: review?(jst) → review+
Assignee | ||
Comment 5•19 years ago
|
||
<brendan> bz: you didn't answer dveditz in the bug about how people hit this > brendan: it's an error condition > brendan: they generally don't <brendan> someone did <brendan> bad luck? > brendan: that was because of another bug that broke QI > brendan: but frankly, I don't think we want people to be exploitable because some dumb extension breaks editor
Assignee | ||
Comment 6•19 years ago
|
||
Fixed on trunk.
Status: NEW → RESOLVED
Closed: 19 years ago
Priority: -- → P1
Resolution: --- → FIXED
Target Milestone: --- → mozilla1.9alpha
Updated•19 years ago
|
Flags: blocking1.8.1?
Flags: blocking1.8.1+
Flags: blocking1.8.0.1?
Flags: blocking1.8.0.1+
Comment 7•19 years ago
|
||
Comment on attachment 207771 [details] [diff] [review] Patch a=dveditz for drivers
Attachment #207771 -
Flags: approval1.8.1?
Attachment #207771 -
Flags: approval1.8.1+
Attachment #207771 -
Flags: approval1.8.0.1?
Attachment #207771 -
Flags: approval1.8.0.1+
Assignee | ||
Comment 8•19 years ago
|
||
*** Committing to MOZILLA_1_8_BRANCH... /cvsroot/mozilla/layout/forms/nsTextControlFrame.cpp,v <-- nsTextControlFrame.cpp new revision: 3.197.10.4; previous revision: 3.197.10.3 *** Committing layout/forms/nsTextControlFrame.cpp on MOZILLA_1_8_0_BRANCH... /cvsroot/mozilla/layout/forms/nsTextControlFrame.cpp,v <-- nsTextControlFrame.cpp new revision: 3.197.10.3.2.1; previous revision: 3.197.10.3
Keywords: fixed1.8.0.1,
fixed1.8.1
You need to log in
before you can comment on or make changes to this bug.
Description
•