Closed
Bug 371159
Opened 18 years ago
Closed 16 years ago
Crash [@ JS_GetFrameFunctionObject] on branch with testcase from bug 371158
Categories
(Core :: Security: CAPS, defect)
Tracking
()
RESOLVED
WORKSFORME
People
(Reporter: martijn.martijn, Assigned: dveditz)
References
()
Details
(Keywords: crash, testcase)
Crash Data
See testcase, you need to test it locally, because of the use of enhanced privileges.
Talkback ID: TB29554124X
JS_GetFrameFunctionObject [mozilla/js/src/jsdbgapi.c, line 897]
nsScriptSecurityManager::GetPrincipalAndFrame [mozilla/caps/src/nsScriptSecurityManager.cpp, line 2077]
nsScriptSecurityManager::GetSubjectPrincipal [mozilla/caps/src/nsScriptSecurityManager.cpp, line 2119]
nsScriptSecurityManager::doGetSubjectPrincipal [mozilla/caps/src/nsScriptSecurityManager.cpp, line 1717]
nsScriptSecurityManager::SubjectPrincipalIsSystem [mozilla/caps/src/nsScriptSecurityManager.cpp, line 1752]
nsGlobalWindow::IsCallerChrome [mozilla/dom/src/base/nsGlobalWindow.cpp, line 3269]
nsGlobalWindow::CanSetProperty [mozilla/dom/src/base/nsGlobalWindow.cpp, line 4200]
nsWebShellWindow::HandleEvent [mozilla/xpfe/appshell/src/nsWebShellWindow.cpp, line 501]
nsWindow::DispatchEvent [mozilla/widget/src/windows/nsWindow.cpp, line 1389]
nsWindow::DispatchFocus [mozilla/widget/src/windows/nsWindow.cpp, line 6628]
nsWindow::ProcessMessage [mozilla/widget/src/windows/nsWindow.cpp, line 5147]
nsWindow::WindowProc [mozilla/widget/src/windows/nsWindow.cpp, line 1577]
USER32.dll + 0x8709 (0x77d18709)
USER32.dll + 0x87eb (0x77d187eb)
USER32.dll + 0xb368 (0x77d1b368)
USER32.dll + 0xb3b4 (0x77d1b3b4)
ntdll.dll + 0xeae3 (0x7c90eae3)
USER32.dll + 0xb2a1 (0x77d1b2a1)
USER32.dll + 0xb23c (0x77d1b23c)
nsWindow::DefaultWindowProc [mozilla/widget/src/windows/nsWindow.cpp, line 1603]
USER32.dll + 0x8709 (0x77d18709)
USER32.dll + 0x87eb (0x77d187eb)
USER32.dll + 0xc00e (0x77d1c00e)
USER32.dll + 0xc034 (0x77d1c034)
nsWindow::WindowProc [mozilla/widget/src/windows/nsWindow.cpp, line 1584]
USER32.dll + 0x8709 (0x77d18709)
USER32.dll + 0x87eb (0x77d187eb)
USER32.dll + 0xb368 (0x77d1b368)
USER32.dll + 0xb3b4 (0x77d1b3b4)
ntdll.dll + 0xeae3 (0x7c90eae3)
USER32.dll + 0x93df (0x77d193df)
nsAppShell::Run [mozilla/widget/src/windows/nsAppShell.cpp, line 128]
nsAppStartup::Run [mozilla/toolkit/components/startup/src/nsAppStartup.cpp, line 152]
main [mozilla/browser/app/nsBrowserApp.cpp, line 61]
kernel32.dll + 0x16d4f (0x7c816d4f)
This stack trace looks similar to one of the stack traces in bug 279678, so I guess it might be related to that.
|
||
Comment 1•18 years ago
|
||
Why is this bug security-sensitive?
WFM on Mac with a 2.0.0.x nightly.
|
Reporter | |
Comment 2•18 years ago
|
||
Because it crashes on branch.
|
|
||
Comment 3•18 years ago
|
||
Does the crash look like something other than a null deref, though?
|
|
Reporter | |
Comment 4•18 years ago
|
||
I don't know, I posted the stacktrace, I'll make the bug public, because that's not a problem, right?
Group: security
|
|
Reporter | |
Comment 5•16 years ago
|
||
Marking resolved worksforme, as this is only a problem in the 1.8 branch and not in later builds and the 1.8 branch is not maintained anymore by Mozilla.
Status: NEW → RESOLVED
Closed: 16 years ago
Resolution: --- → WORKSFORME
|
||
Updated•14 years ago
|
Crash Signature: [@ JS_GetFrameFunctionObject]
You need to log in
before you can comment on or make changes to this bug.
Description
•