Closed
Bug 417266
Opened 16 years ago
Closed 16 years ago
crash [@ nsEventReceiverSH::IsEventName]
Categories
(Core :: DOM: Core & HTML, defect, P1)
Tracking
()
VERIFIED
FIXED
mozilla1.9beta4
People
(Reporter: smaug, Assigned: jst)
References
Details
Attachments
(3 files)
118 bytes,
text/html
|
Details | |
1.32 KB,
patch
|
Details | Diff | Splinter Review | |
1.59 KB,
patch
|
sicking
:
review+
sicking
:
superreview+
|
Details | Diff | Splinter Review |
The second testcase of bug 390813 crashes now [@ nsEventReceiverSH::IsEventName] ###!!! ASSERTION: Don't pass non-string jsval's here!: 'JSVAL_IS_STRING(id)', file /home/smaug/mozilla/mozilla_cvs/mozilla/dom/src/base/nsDOMClassInfo.h, line 360 #0 0x00000032d7097581 in nanosleep () from /lib64/libc.so.6 #1 0x00000032d70973a4 in sleep () from /lib64/libc.so.6 #2 0x00002aaaaaae5419 in ah_crap_handler (signum=11) at nsSigHandlers.cpp:149 #3 0x00002aaaaaaf3df1 in nsProfileLock::FatalSignalHandler (signo=11) at nsProfileLock.cpp:216 #4 <signal handler called> #5 JS_GetStringChars (str=0x0) at /home/smaug/mozilla/mozilla_cvs/mozilla/js/src/jsapi.c:5240 #6 0x00002aaab0e84fc3 in nsEventReceiverSH::IsEventName (id=3) at /home/smaug/mozilla/mozilla_cvs/mozilla/dom/src/base/nsDOMClassInfo.h:362 #7 0x00002aaab0e7d252 in nsWindowSH::SetProperty (this=0x138c590, wrapper=0x1669350, cx=0x138ce60, obj=0x2aaabbb62880, id=3, vp=0x7fff8e8f9158, _retval=0x7fff8e8f88f4) at /home/smaug/mozilla/mozilla_cvs/mozilla/dom/src/base/nsDOMClassInfo.cpp:4606 #8 0x00002aaab0660aca in XPC_WN_Helper_SetProperty (cx=0x138ce60, obj=0x2aaabbb62880, idval=3, vp=0x7fff8e8f9158) at /home/smaug/mozilla/mozilla_cvs/mozilla/js/src/xpconnect/src/xpcwrappednativejsops.cpp:962
Flags: blocking1.9?
Updated•16 years ago
|
Flags: blocking1.9? → blocking1.9+
Comment 1•16 years ago
|
||
Comment 2•16 years ago
|
||
The fix might be as simple as -if (IsEventName(id)) { +if (JSVAL_IS_STRING(id) && IsEventName(id)) { (untested)
Assignee | ||
Updated•16 years ago
|
Assignee: nobody → jst
Component: XPConnect → DOM
Keywords: assertion,
crash,
regression,
testcase
Priority: -- → P1
Target Milestone: --- → mozilla1.9beta4
Assignee | ||
Comment 3•16 years ago
|
||
Basically, yes. Patch coming...
Assignee | ||
Comment 4•16 years ago
|
||
Assignee | ||
Comment 5•16 years ago
|
||
Attachment #303130 -
Flags: superreview?(jonas)
Attachment #303130 -
Flags: review?(jonas)
Attachment #303130 -
Flags: superreview?(jonas)
Attachment #303130 -
Flags: superreview+
Attachment #303130 -
Flags: review?(jonas)
Attachment #303130 -
Flags: review+
Assignee | ||
Comment 6•16 years ago
|
||
Fix checked in.
Status: NEW → RESOLVED
Closed: 16 years ago
Resolution: --- → FIXED
Updated•16 years ago
|
Flags: in-testsuite?
Comment 8•16 years ago
|
||
verified fixed using Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9b4pre) Gecko/2008022704 Minefield/3.0b4pre. No crashes with either testcase noted in the bug.
Status: RESOLVED → VERIFIED
Updated•5 years ago
|
Component: DOM → DOM: Core & HTML
You need to log in
before you can comment on or make changes to this bug.
Description
•