Closed Bug 349201 Opened 18 years ago Closed 18 years ago

Crash [@ XULPopupListenerImpl::ClosePopup]

Categories

(Core :: XUL, defect)

Product:
Core
Component:
XUL
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

()

Status:
VERIFIED FIXED
Milestone:
mozilla1.8.1

People

(Reporter: smaug, Assigned: smaug)

Details

(Keywords: crash, verified1.8.0.7, verified1.8.1, Whiteboard: [sg:critical] uses freed mem)

Crash Data

Attachments

(2 files, 1 obsolete file)

tescase
595 bytes, application/vnd.mozilla.xul+xml
Details
proposed patch
4.55 KB, patch
enndeakin
: review+
bzbarsky
: superreview+
dveditz
: approval1.8.0.7+
mtschrep
: approval1.8.1+
Details | Diff | Splinter Review 
nsXULPopupListener keeps a weak reference to the popup.
Bad things happen if popup is deleted before the listener.
Testcase and patch coming.
Attached file tescase 
Right click to see context menu. Wait until it disappears.
You may have to reload/retry few times.
Tested 1.8.1 and trunk and crashes in both cases.
Attached patch proposed patch (obsolete) — Splinter Review 
Don't use raw pointer but boxobject, since box object won't do anything after
the element it points to is deleted or removed from document.
Attachment #234449 - Flags: superreview?(bzbarsky)
Attachment #234449 - Flags: review?(enndeakin)
Flags: blocking1.9?
Flags: blocking1.8.1?
Flags: blocking1.8.0.7?
Also 1.8.0 crashes.
Oops, the changes to nsXULDocument.cpp aren't related to this bug.
Attached patch proposed patchSplinter Review 

        Attachment #234449 -
        Attachment is obsolete: true

        Attachment #234455 -
        Flags: superreview?(bzbarsky)

        Attachment #234455 -
        Flags: review?(enndeakin)

        Attachment #234449 -
        Flags: superreview?(bzbarsky)

        Attachment #234449 -
        Flags: review?(enndeakin)

    
  

        Attachment #234455 -
        Flags: review?(enndeakin) → review+

    
    

    
  
Comment on attachment 234455 [details] [diff] [review]
proposed patch

Makes sense.

        Attachment #234455 -
        Flags: superreview?(bzbarsky) → superreview+

        Attachment #234455 -
        Flags: approval1.8.1?

        Attachment #234455 -
        Flags: approval1.8.0.7?
Status: NEW → RESOLVED
Closed: 18 years ago
Resolution: --- → FIXED

    
  
Flags: blocking1.8.1? → blocking1.8.1+
Target Milestone: --- → mozilla1.8.1

    
  
Whiteboard: [181approval pending]

    
    

    
  
What is the 181 approval pending on? coordination with 1.8.0.7?
Whiteboard: [181approval pending] → [sg:critical] uses freed mem [181approval pending]

    
    

    
  
Comment on attachment 234455 [details] [diff] [review]
proposed patch

a=schrep for drivers - approving all [181approval pending] bugs now that tree is open.

        Attachment #234455 -
        Flags: approval1.8.1? → approval1.8.1+
Keywords: fixed1.8.1
Flags: blocking1.8.0.7? → blocking1.8.0.7+
Whiteboard: [sg:critical] uses freed mem [181approval pending] → [sg:critical] uses freed mem

    
    

    
  
Comment on attachment 234455 [details] [diff] [review]
proposed patch

approved for 1.8.0 branch, a=dveditz for drivers

        Attachment #234455 -
        Flags: approval1.8.0.7? → approval1.8.0.7+
Keywords: fixed1.8.0.7
Flags: blocking1.9?

    
    

    
  
https://bugzilla.mozilla.org/attachment.cgi?id=234448&action=view shouldn't cause a crash when following directions in comment #1.

Mozilla/5.0 (Macintosh; U; Intel Mac OS X; en-US; rv:1.8.1b2) Gecko/20060825 BonEcho/2.0b2

verified 1.8.1b2

Mozilla/5.0 (Macintosh; U; Intel Mac OS X; en-US; rv:1.8.0.7pre) Gecko/20060825 Firefox/1.5.0.7pre

verified 1.8.0.7
Status: RESOLVED → VERIFIED
Keywords: fixed1.8.0.7, 
          
            fixed1.8.1verified1.8.0.7, 
          
            verified1.8.1
Keywords: crash
Group: security

    
  
Component: XP Toolkit/Widgets: XUL → XUL
QA Contact: xptoolkit.xul → xptoolkit.widgets
Crash Signature: [@ XULPopupListenerImpl::ClosePopup]

          You need to log in
          before you can comment on or make changes to this bug.
        






  

    
  







  

    

      
Attachment

      

      
      
      
      
    

    

      

        

          

            
General

            

              Creator: 



            

            
Created: 

            
Updated: 

            
Size: