Closed
Bug 398271
Opened 17 years ago
Closed 17 years ago
Insert with no `nodeset` declaration causes crash
Categories
(Core Graveyard :: XForms, defect)
Tracking
(Not tracked)
RESOLVED
FIXED
People
(Reporter: jlc6, Assigned: jlc6)
References
Details
(Keywords: fixed1.8.1.12)
Attachments
(1 file)
876 bytes, patch | smaug: review+
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9a9pre) Gecko/2007100210 Minefield/3.0a9pre
Build Identifier: CVS HEAD, 2007-10-02T10:30:00-04:00
In some cases, inserting a node with no `nodeset` attribute specified will cause the browser to crash with the following (partial) backtrace:
```
0xffffe410 in __kernel_vsyscall ()
(gdb) bt
#0 0xffffe410 in __kernel_vsyscall ()
#1 0xb733de66 in nanosleep () from /lib/tls/i686/cmov/libc.so.6
#2 0xb733dc8f in sleep () from /lib/tls/i686/cmov/libc.so.6
#3 0xb7ec26d9 in ah_crap_handler (signum=11) at nsSigHandlers.cpp:149
#4 0xb7edb854 in nsProfileLock::FatalSignalHandler (signo=11) at nsProfileLock.cpp:210
#5 <signal handler called>
#6 0xb4ad27c6 in nsXFormsInsertDeleteElement::HandleAction (this=0x9599ba8, aEvent=0x9ae5d78,
    aParentAction=0x9599a94)
    at /home/john/development/mozilla/extensions/xforms/nsXFormsInsertDeleteElement.cpp:243
#7 0xb7d16c41 in NS_InvokeByIndex_P ()
    at /home/john/development/mozilla/xpcom/reflect/xptinfo/src/xptiInterfaceInfo.cpp:73
```
Reproducible: Always
Assignee
Comment 1•17 years ago
The `nodeset` variable is null if no `nodeset` attribute is specified, so we just bypass the assignment of `nodesetSize` (instead allowing it to remain 0).
Assignee
Updated•17 years ago
Version: unspecified → Trunk
Comment 2•17 years ago
This is probably a regression from bug 391586.
Merle can hopefully do the first review (use the 'Details' link on the
attachment to set 'review ? msterlin@us.ibm.com').
Btw, in the future, also use the -p option of cvs diff.
Depends on: 391586
Comment 3•17 years ago
I am not authorized to edit the bug to add myself as a reviewer.
The error most likely is a regression from bug 391586 because I had to rearrange a lot of the code to get the in-scope evaluation context correct and apparently left out the check for a non-null nodeset. The patch is fine, so r=me.
Updated•17 years ago
Attachment #283196 - Flags: review+
Updated•17 years ago
Assignee: nobody → jlc6
Comment 4•17 years ago
Checked in
Status: UNCONFIRMED → RESOLVED
Closed: 17 years ago
Resolution: --- → FIXED
checked into 1.8 branch via bug 410239.
Keywords: fixed1.8.1.12
Whiteboard: xf-to-branch
Updated•8 years ago
Product: Core → Core Graveyard