Closed
Bug 326778
Opened 20 years ago
Closed 20 years ago
[FIX]document.getBoxObjectFor({}) crashes
Categories
(Core :: DOM: Core & HTML, defect, P2)
Core
DOM: Core & HTML
Tracking
()
VERIFIED
FIXED
mozilla1.9alpha1
People
(Reporter: jruderman, Assigned: bzbarsky)
Details
(4 keywords, Whiteboard: [rft-dl])
Attachments
(2 files)
|
46 bytes,
text/html
|
Details | |
|
1.90 KB,
patch
|
sicking
:
review+
peterv
:
superreview+
peterv
:
approval-branch-1.8.1+
dveditz
:
approval1.8.0.2+
|
Details | Diff | Splinter Review |
Calling document.getBoxObjectFor with a parameter of {} crashes. Top of the stack in a debug build on Mac:
0 libgklayout.dylib 0x0b564204 nsCOMPtr<nsINodeInfo>::operator->() const + 36 (nsCOMPtr.h:850)
1 libgklayout.dylib 0x0b564e74 nsINode::GetOwnerDoc() const + 40 (nsINode.h:116)
2 libgklayout.dylib 0x0b2645ac nsXBLService::ResolveTag(nsIContent*, int*, nsIAtom**) + 44 (nsXBLService.cpp:686)
3 libgklayout.dylib 0x0b092aec nsDocument::GetBoxObjectFor(nsIDOMElement*, nsIBoxObject**) + 756 (nsDocument.cpp:3321)
See also bug 234331, "Mozilla crashes if document.getBoxObjectFor() is called with an undefined parameter" (fixed in 2004).
|
Reporter | |
Comment 1•20 years ago
|
||
|
|
Reporter | |
Updated•20 years ago
|
Severity: normal → critical
|
Assignee | |
Comment 2•20 years ago
|
||
Attachment #211623 -
Flags: review?
|
|
Assignee | |
Updated•20 years ago
|
Attachment #211623 -
Flags: superreview?(peterv)
Attachment #211623 -
Flags: review?(bugmail)
Attachment #211623 -
Flags: review?
Attachment #211623 -
Flags: approval-branch-1.8.1?(peterv)
|
|
Assignee | |
Comment 3•20 years ago
|
||
Do we want this fixed on other branches too?
Assignee: general → bzbarsky
OS: MacOS X → All
Priority: -- → P2
Hardware: Macintosh → All
Summary: document.getBoxObjectFor({}) crashes → [FIX]document.getBoxObjectFor({}) crashes
Target Milestone: --- → mozilla1.9alpha
Attachment #211623 -
Flags: review?(bugmail) → review+
|
||
Comment 4•20 years ago
|
||
Comment on attachment 211623 [details] [diff] [review]
Fix
We might want to take this on the other branches too, the risk should be fairly low and it fixes a crash.
Attachment #211623 -
Flags: superreview?(peterv)
Attachment #211623 -
Flags: superreview+
Attachment #211623 -
Flags: approval-branch-1.8.1?(peterv)
Attachment #211623 -
Flags: approval-branch-1.8.1+
|
|
Assignee | |
Comment 5•20 years ago
|
||
Fixed trunk and 1.8.1 branch.
|
|
Assignee | |
Comment 6•20 years ago
|
||
Comment on attachment 211623 [details] [diff] [review]
Fix
Requesting 1.8.0.x branch approval. Completely safe null-check crash fix.
Attachment #211623 -
Flags: approval1.8.0.2?
|
||
Updated•20 years ago
|
Flags: blocking1.8.0.2+
|
|
||
Comment 7•20 years ago
|
||
Comment on attachment 211623 [details] [diff] [review]
Fix
approved for 1.8.0 branch, a=dveditz
Attachment #211623 -
Flags: approval1.8.0.2? → approval1.8.0.2+
|
|
Reporter | |
Updated•20 years ago
|
Status: RESOLVED → VERIFIED
|
|
||
Updated•20 years ago
|
Whiteboard: [rft-dl]
|
|
||
Comment 9•20 years ago
|
||
v.fixed on 1.8.0 branch with Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.2) Gecko/20060306 Firefox/1.5.0.2, no crash with testcase.
Keywords: fixed1.8.0.2 → verified1.8.0.2
|
||
Updated•13 years ago
|
Component: DOM: Mozilla Extensions → DOM
|
|
||
Updated•7 years ago
|
Component: DOM → DOM: Core & HTML
You need to log in
before you can comment on or make changes to this bug.
Description
•