Closed Bug 428225 Opened 17 years ago Closed 17 years ago

nsSplitterFrameInner::UpdateState is unsafe

Tracking

()

Status:

RESOLVED FIXED

People

(Reporter: sicking, Unassigned)

References

Details

Jonas Sicking (:sicking) No longer reading bugmail consistently

Reporter

Description

•

17 years ago

It is called during reflow but calls SetAttr with aNotify set to true which can run script. Don't know if the correct fix is to set the attributes off on a runnable (posted to nsContentUtils::AddScriptRunner) or to let aNotify be false. I suspect the former.

Boris Zbarsky [:bzbarsky]

Comment 1

•

17 years ago

Or to do it off a post-reflow callback, possibly.

Olli Pettay [:smaug][bugs@pettay.fi]

Comment 2

•

17 years ago

Yes, reflowcallback has been the usual way to fix these problems in xul layout/.

Jonas Sicking (:sicking) No longer reading bugmail consistently

Reporter

Comment 3

•

17 years ago

Fixed by patch in bug 423355

Status: NEW → RESOLVED

Closed: 17 years ago

Depends on: 423355

Resolution: --- → FIXED

Daniel Veditz [:dveditz]

Updated

•

12 years ago

Group: core-security

You need to log in before you can comment on or make changes to this bug.

Bugzilla

nsSplitterFrameInner::UpdateState is unsafe

Categories

(Core :: Layout, defect)

Tracking

()

People

(Reporter: sicking, Unassigned)

References

Details

Crash Data

Security

(public)

User Story

Description

Comment 1

Comment 2

Comment 3

Updated