Firefox crashes if removing parent node while in XBL constructor

VERIFIED FIXED

Status

()

Core
XBL
VERIFIED FIXED
10 years ago
10 years ago

People

(Reporter: Vlad Sukhoy, Unassigned)

Tracking

({crash, testcase, verified1.8.1.8})

1.8 Branch
x86
Mac OS X
crash, testcase, verified1.8.1.8
Points:
---
Bug Flags:
blocking1.8.1.8 +
wanted1.8.1.x +
wanted1.8.0.x +
in-testsuite ?

Firefox Tracking Flags

(Not tracked)

Details

(Whiteboard: [sg:critical?] fixed in 1.9 by 267833)

Attachments

(1 attachment)

884 bytes, application/xhtml+xml
Details
(Reporter)

Description

10 years ago
 
(Reporter)

Comment 1

10 years ago
Created attachment 271960 [details]
testcase
(Reporter)

Updated

10 years ago
Keywords: crash, testcase
This is branch-only, right?  This seems to work fine on trunk.

And if so, this is basically bug 267833, no?
(Reporter)

Comment 3

10 years ago
Branch-only. If there is no security risk, then WONTFIX..
Sure there's risk.  That's why we want to land bug 267833 on branch.  ;)
Group: security
Depends on: 267833
Flags: wanted1.8.1.x+
Flags: wanted1.8.0.x+
Flags: blocking1.8.1.6?
in 1.8.1.5pre I crash at nsCachedStyleData::GetStyleData() Line 210, 'this' is a deleted object.
Whiteboard: [sg:critical?] fixed in 1.9 by 267833
Flags: blocking1.8.1.7? → blocking1.8.1.7+
the branch checkin for bug 267833 has fixed this one for 1.8.1.8
Keywords: fixed1.8.1.8
verified fixed 1.8.1.8 using Mozilla/5.0 (Macintosh; U; Intel Mac OS X; ja-JP-mac; rv:1.8.1.8) Gecko/2007100816 Firefox/2.0.0.8 - no crash on testcase - adding verified keyword
Keywords: fixed1.8.1.8 → verified1.8.1.8
Group: security

Comment 8

10 years ago
Can someone change the status then to VERIFIED? This is in the list of bugs fixed for MFSA 2007-29 but stands out cos of it's 'NEW' status.
(Reporter)

Updated

10 years ago
Status: NEW → RESOLVED
Last Resolved: 10 years ago
Resolution: --- → FIXED
(Reporter)

Updated

10 years ago
Status: RESOLVED → VERIFIED
Flags: in-testsuite?
You need to log in before you can comment on or make changes to this bug.