Closed
Bug 377535
Opened 16 years ago
Closed 16 years ago
Crash [@ nsLinkableAccessible::CacheActionContent] with appending area and strange prefix
Categories
(Core :: Disability Access APIs, defect)
Core
Disability Access APIs
Tracking
()
RESOLVED
FIXED
People
(Reporter: martijn.martijn, Assigned: MatsPalmgren_bugz)
References
Details
(Keywords: crash, testcase, verified1.8.1.8, Whiteboard: [sg:nse null-deref])
Crash Data
Attachments
(5 files, 2 obsolete files)
1.34 KB,
text/html
|
Details | |
5.77 KB,
text/plain
|
Details | |
1.91 KB,
patch
|
aaronlev
:
review+
|
Details | Diff | Splinter Review |
2.31 KB,
patch
|
Details | Diff | Splinter Review | |
1.99 KB,
patch
|
aaronlev
:
review+
dveditz
:
approval1.8.1.8+
dveditz
:
approval1.8.0.14-
|
Details | Diff | Splinter Review |
The testcase uses enhanced privileges, so you need to download it to your computer to get the crash. It also crashes a recent 1.8 branch build. Talkback ID: TB31199479H nsLinkableAccessible::CacheActionContent [mozilla/accessible/src/base/nsbasewidgetaccessible.cpp, line 250] nsLinkableAccessible::Init [mozilla/accessible/src/base/nsbasewidgetaccessible.cpp, line 286] nsAccessibilityService::GetAccessible [mozilla/accessible/src/base/nsaccessibilityservice.cpp, line 1175] nsThreadManager::GetIsMainThread [mozilla/xpcom/threads/nsthreadmanager.cpp, line 279]
Reporter | ||
Comment 1•16 years ago
|
||
Assignee | ||
Updated•16 years ago
|
Assignee: aaronleventhal → mats.palmgren
OS: Windows XP → All
Hardware: PC → All
Whiteboard: [sg:nse null-deref]
Assignee | ||
Comment 2•16 years ago
|
||
Assignee | ||
Comment 3•16 years ago
|
||
Assignee | ||
Comment 4•16 years ago
|
||
Attachment #261594 -
Flags: review?(aaronleventhal)
Comment 5•16 years ago
|
||
Comment on attachment 261594 [details] [diff] [review] Patch rev. 1 (diff -w) Mats, can yo udescribe what kind of object is <a> or <area> that is not nsILink?
Attachment #261594 -
Flags: review?(aaronleventhal) → review+
Assignee | ||
Comment 6•16 years ago
|
||
(In reply to comment #5) > (From update of attachment 261594 [details] [diff] [review]) > Mats, can yo udescribe what kind of object is <a> or <area> that is not > nsILink? An element that isn't [X]HTML. Now that I think about it, we should check that before trying QI (it's how we do it in other places in the code). Same patch as before with the addtion to the if-condition: walkUpContent->IsNodeOfType(nsINode::eHTML)
Attachment #261593 -
Attachment is obsolete: true
Attachment #261594 -
Attachment is obsolete: true
Attachment #262262 -
Flags: review?(aaronleventhal)
Comment 7•16 years ago
|
||
Comment on attachment 262262 [details] [diff] [review] Patch rev. 2 (diff -w) Something about the line breaks -- this patch is unreadable.
Attachment #262262 -
Flags: review?(aaronleventhal)
Assignee | ||
Updated•16 years ago
|
Attachment #262262 -
Attachment is patch: true
Attachment #262262 -
Attachment mime type: text/html → text/plain
Assignee | ||
Comment 8•16 years ago
|
||
Comment on attachment 262262 [details] [diff] [review] Patch rev. 2 (diff -w) I forgot to click the Patch checkbox, sorry.
Attachment #262262 -
Flags: review?(aaronleventhal)
Updated•16 years ago
|
Attachment #262262 -
Flags: review?(aaronleventhal) → review+
Assignee | ||
Comment 9•16 years ago
|
||
Checked in to trunk at 2007-05-06 02:03 PDT. -> FIXED
Status: NEW → RESOLVED
Closed: 16 years ago
Flags: in-testsuite?
Resolution: --- → FIXED
Updated•16 years ago
|
Group: security
Flags: wanted1.8.1.x?
Flags: wanted1.8.0.x?
Flags: blocking1.8.1.5?
Flags: blocking1.8.0.13?
Comment 10•16 years ago
|
||
Don't need to block on a null deref, but will approve the patch if you want to land it on the branch.
Flags: wanted1.8.1.x?
Flags: wanted1.8.0.x?
Flags: blocking1.8.1.5?
Flags: blocking1.8.0.13?
Updated•16 years ago
|
Attachment #262262 -
Flags: approval1.8.1.5?
Comment 11•16 years ago
|
||
Comment on attachment 262262 [details] [diff] [review] Patch rev. 2 (diff -w) approved for 1.8.1.5, a=juanb for release-drivers
Attachment #262262 -
Flags: approval1.8.1.5? → approval1.8.1.5+
Assignee | ||
Comment 12•16 years ago
|
||
Comment on attachment 262262 [details] [diff] [review] Patch rev. 2 (diff -w) This patch does not apply to branches.
Attachment #262262 -
Flags: approval1.8.1.5+
Assignee | ||
Comment 13•16 years ago
|
||
Assignee | ||
Comment 14•16 years ago
|
||
This makes nsLinkableAccessible::CacheActionContent() up-to-date with the trunk version. Notice the added 'break;'s. I can't crash branch builds on Linux on the testcase without the patch, although I suspect there could be a way to do it given the similarity of the code. Aaron, do you still want this for branches?
Attachment #270504 -
Flags: review?(aaronleventhal)
Updated•16 years ago
|
Attachment #270504 -
Flags: review?(aaronleventhal) → review+
Assignee | ||
Updated•16 years ago
|
Attachment #270504 -
Flags: approval1.8.1.7?
Attachment #270504 -
Flags: approval1.8.0.13?
Updated•16 years ago
|
Attachment #270504 -
Flags: approval1.8.0.13? → approval1.8.0.14?
Comment 15•16 years ago
|
||
Comment on attachment 270504 [details] [diff] [review] Patch rev. 2.1 (for branches) (diff -w) approved for 1.8.1.7, a=dveditz for release-drivers
Attachment #270504 -
Flags: approval1.8.1.7?
Attachment #270504 -
Flags: approval1.8.1.7+
Attachment #270504 -
Flags: approval1.8.0.14?
Attachment #270504 -
Flags: approval1.8.0.14-
Assignee | ||
Comment 16•16 years ago
|
||
MOZILLA_1_8_BRANCH mozilla/accessible/src/base/nsBaseWidgetAccessible.cpp 1.38.2.5
Keywords: fixed1.8.1.7
Comment 17•16 years ago
|
||
verified fixed 1.8.1.7 using : Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US; rv:1.8.1.7pre) Gecko/2007091303 BonEcho/2.0.0.7pre and Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.7pre) Gecko/2007091303 BonEcho/2.0.0.7pre (Fedora F7) no crash the steps to reproduce - local testcase -> adding verified keyword
Keywords: fixed1.8.1.7 → verified1.8.1.7
Updated•12 years ago
|
Crash Signature: [@ nsLinkableAccessible::CacheActionContent]
You need to log in
before you can comment on or make changes to this bug.
Description
•