Closed Bug 459663 Opened 16 years ago Closed 16 years ago

Crash [@ nsEventDispatcher::Dispatch] when doing window.print() on a deleted window

Categories

(Core :: Layout, defect)

x86
Windows XP
defect
Not set
critical

VERIFIED FIXED

People

(Reporter: martijn.martijn, Assigned: smaug)

Details

(Keywords: crash, regression, testcase)

Attachments

(2 files, 1 obsolete file)

This crash doesn't occur in Firefox 3, but since this is related to the problem of bug 424377, I'm marking this security sensitive. (and because this is a regression from Firefox 3, I'm filing this bug at all).

See testcase, a print dialog comes up, click on "Ok".
Result: crash

http://crash-stats.mozilla.com/report/index/b476dd45-9926-11dd-839f-0013211cbf8a?p=1
0  	xul.dll  	nsEventDispatcher::Dispatch  	 content/events/src/nsEventDispatcher.cpp:438
1 	xul.dll 	nsPresContext::FireDOMPaintEvent 	layout/base/nsPresContext.cpp:1628
2 	xul.dll 	nsRunnableMethod<nsBindingManager>::Run 	obj-firefox/dist/include/xpcom/nsThreadUtils.h:264
3 	xul.dll 	nsThread::ProcessNextEvent 	xpcom/threads/nsThread.cpp:510
4 	xul.dll 	NS_ProcessNextEvent_P 	obj-firefox/xpcom/build/nsThreadUtils.cpp:227
5 	xul.dll 	xul.dll@0x337270 	
6 	xul.dll 	NS_InvokeByIndex_P 	xpcom/reflect/xptcall/src/md/win32/xptcinvoke.cpp:101
7 	xul.dll 	XPCWrappedNative::CallMethod 	js/src/xpconnect/src/xpcwrappednative.cpp:2405

Looking at the stack, I guess this might be a regression from bug 450930.
Attached file testcase
Attached patch add some needed null checks (obsolete)
Assignee: nobody → Olli.Pettay
Attachment #342872 - Flags: superreview?(roc)
Attachment #342872 - Flags: review?(roc)
Comment on attachment 342872: add some needed null checks

Why didn't I ask for review of this?
The ourWindow check is now redundant, I checked in an early-exit if ourWindow is null.

The eventTarget check can be hoisted to just after "eventTarget = ourWindow->GetChromeEventHandler();". r+sr with that.
Attached patch null check
Attachment #342872 - Attachment is obsolete: true
Attachment #342872 - Flags: superreview?(roc)
Attachment #342872 - Flags: review?(roc)
Status: NEW → RESOLVED
Closed: 16 years ago
Resolution: --- → FIXED
Verified fixed, using:
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1b2pre) Gecko/20081020 Minefield/3.1b2pre
Status: RESOLVED → VERIFIED
No longer depends on: 424377
Crash Signature: [@ nsEventDispatcher::Dispatch]
Group: core-security → core-security-release
Group: core-security-release