Closed Bug 366818 Opened 18 years ago Closed 17 years ago

crash [@ nsDOMConstructor::HasInstance ]

Categories

(Core :: DOM: Core & HTML, defect)

x86
Windows XP
defect
Not set
critical

RESOLVED FIXED

People

(Reporter: Mook, Assigned: peterv)

Details

(Keywords: crash, fixed1.8.0.12, verified1.8.1.4)

Attachments

(2 files)

(See URL)

I've somehow gotten in nsDOMConstructor::HasInstance where neither line 4991 nor line 4994 is true, therefore ci_data remains null.  I then crash on line 5008 due to an access violation.

Unfortunately, my steps to reproduce consist of:
1) Get Firefox trunk
2) Get Firebug 1.0b
3) Go to a page (I used slashdot)
4) Open firebug and click around (usually when going from the console view to the HTML view).

I'll try crashing again and see what name_struct->mType is.
Attached file stack at crash
Some random relevant-looking variables I found in the debugger:

name_struct->mType = eTypeProperty
dom_class.name = "InstallTrigger"
class_iid = {a6cf906b-15b3-11d2-932e-00805f8add32} = nsIDOMWindow

stack looks big, see attachment.  Bugzilla will want to wrap it anyway.

I still think that, at minimum, some sort of early bail-out would be nice (so at least I don't crash).
Severity: normal → critical
Keywords: crash
Attached patch v1
I think eTypeProperty is the only one that can trigger this, but this is more bulletproof. We could try to get the interfaces from the object's classinfo, but that doesn't seem worth it for such an edge-case.
Assignee: general → peterv
Status: NEW → ASSIGNED
Attachment #251530 - Flags: superreview?(jst)
Attachment #251530 - Flags: review?(jst)
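
The failure discussed in this bug, as an added example that is neither Mozilla's code nor the attached patch: a simplified C++ model in which a name of type eTypeProperty matches neither lookup branch, so the class-info pointer stays null, and the check bails out early instead of dereferencing it. The struct layouts, function names, the `Result` enum and the sample data are assumptions made for illustration.

```cpp
#include <cstdio>
#include <cstring>

// Simplified stand-ins (assumptions) for the structures named in the report.
enum NameType { eTypeClassConstructor, eTypeExternalClassInfo, eTypeProperty };
struct ClassInfoData { const char* const* interfaces; };  // null-terminated
struct NameStruct {
    NameType type;
    int classInfoID;                // index into kClassInfo, or -1
    const ClassInfoData* external;  // used only by eTypeExternalClassInfo
};

static const char* const kWindowIfaces[] = {"nsIDOMWindow", nullptr};  // constructed
static const ClassInfoData kClassInfo[] = {{kWindowIfaces}};
static const int kClassInfoCount = sizeof(kClassInfo) / sizeof(kClassInfo[0]);

enum Result { kNoMatch, kMatch, kBailedOut };

// Two-branch lookup: any type matching neither branch leaves ci null.
static const ClassInfoData* lookup_class_info(const NameStruct& ns) {
    const ClassInfoData* ci = nullptr;
    if (ns.type == eTypeClassConstructor &&
        ns.classInfoID >= 0 && ns.classInfoID < kClassInfoCount) {
        ci = &kClassInfo[ns.classInfoID];
    } else if (ns.type == eTypeExternalClassInfo) {
        ci = ns.external;
    }
    return ci;
}

// Checks whether the named class exposes iface. The null test is the early
// bail-out; without it the loop would read through a null ci.
static Result has_instance(const NameStruct& ns, const char* iface) {
    const ClassInfoData* ci = lookup_class_info(ns);
    if (!ci || !ci->interfaces) return kBailedOut;
    for (const char* const* p = ci->interfaces; *p; ++p) {
        if (std::strcmp(*p, iface) == 0) return kMatch;
    }
    return kNoMatch;
}

int main() {
    NameStruct window = {eTypeClassConstructor, 0, nullptr};
    NameStruct trigger = {eTypeProperty, -1, nullptr};  // like "InstallTrigger"
    std::printf("constructor: %d\n", has_instance(window, "nsIDOMWindow"));
    std::printf("property:    %d\n", has_instance(trigger, "nsIDOMWindow"));
    return 0;
}
```

Testing the pointer after the lookup, rather than testing for eTypeProperty alone, also covers any type added later that matches neither branch.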
Comment on attachment 251530 (v1)

r+sr=jst
Attachment #251530 - Flags: superreview?(jst)
Attachment #251530 - Flags: superreview+
Attachment #251530 - Flags: review?(jst)
Attachment #251530 - Flags: review+
Status: ASSIGNED → RESOLVED
Closed: 17 years ago
Resolution: --- → FIXED
Comment on attachment 251530 (v1)

Trivial crash fix.
Attachment #251530 - Flags: approval1.8.1.3?
Attachment #251530 - Flags: approval1.8.0.11?
Comment on attachment 251530 (v1)

approved for 1.8/1.8.0 branches, a=dveditz for drivers
Attachment #251530 - Flags: approval1.8.1.4?
Attachment #251530 - Flags: approval1.8.1.4+
Attachment #251530 - Flags: approval1.8.0.12?
Attachment #251530 - Flags: approval1.8.0.12+
Verified fixed on the 1.8 branch using Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.8.1.4pre) Gecko/2007050804 BonEcho/2.0.0.4pre. Installed Firebug and clicked around on slashdot as described in original report, no crash observed. Adding branch verified keyword.
Verified fixed 1.8.0.12 using Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US; rv:1.8.0.12pre) Gecko/20070508 Firefox/1.5.0.12pre and the steps to reproduce from comment #0. No crash with Firebug on slashdot. Adding verified keyword.
Summary: crash [ @ nsDOMConstructor::HasInstance ] → crash [@ nsDOMConstructor::HasInstance ]
Crash Signature: [@ nsDOMConstructor::HasInstance ]
Component: DOM → DOM: Core & HTML