Closed
Bug 468360
Opened 17 years ago
Closed 16 years ago
tree without treecols definition crashes the browser in [@XULTreeAccessible::TreeViewInvalidated]
Categories
(Core :: Disability Access APIs, defect)
Tracking
()
VERIFIED
FIXED
People
(Reporter: Tobbi, Assigned: timeless)
Details
(Keywords: crash, fixed1.9.1, testcase, Whiteboard: [sg:dos] null deref)
Crash Data
Attachments
(3 files)
|
893 bytes,
application/vnd.mozilla.xul+xml
|
Details | |
|
893 bytes,
text/plain
|
Details | |
|
598 bytes,
patch
|
surkov
:
review+
beltzner
:
approval1.9.1+
dveditz
:
approval1.9.0.12-
|
Details | Diff | Splinter Review |
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; de; rv:1.9.0.4) Gecko/2008102920 Firefox/3.0.4
Build Identifier:
I found out that when you execute a XUL file with a tree in it but no tree definition the browser crashes.
Crash report associated with this issue can be found here:
http://crash-stats.mozilla.com/report/pending/14bc2de6-28d6-4c8c-8d48-1d9c22081207
Test cases can be found here: http://tobbi.bplaced.net/testcases/testcase2.xul (XUL) and here http://tobbi.bplaced.net/testcases/testcase2.txt (TXT)
Reproducible: Always
Steps to Reproduce:
1.Open XUL file with tree definition but without definition of <treerows> element.
2.Firefox crashes in [@XULTreeAccessible::TreeViewInvalidated]
Actual Results:
Crash [@XULTreeAccessible::TreeViewInvalidated]
|
Reporter | |
Comment 1•17 years ago
|
||
|
|
Reporter | |
Comment 2•17 years ago
|
||
|
|
Reporter | |
Comment 3•17 years ago
|
||
Tests on two different OSes (XP and Vista) assume that this only crashes on Win Vista. Can someone confirm this please?
|
||
Comment 4•17 years ago
|
||
Verified that it does NOT crash on WinXP... (recent shiretoko)
|
|
||
Comment 5•17 years ago
|
||
(In reply to comment #4)
> Verified that it does NOT crash on WinXP... (recent shiretoko)
Erm cancel -- No accessibility enabled, so my test is irrelevant
|
|
Reporter | |
Comment 6•16 years ago
|
||
Confirmed with Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 (.NET CLR 3.5.30729)
Status: UNCONFIRMED → NEW
Ever confirmed: true
Flags: blocking1.9.0.11?
|
||
Comment 7•16 years ago
|
||
works for me in Windows 7 and Linux no crashes in
Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10
Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.1b4) Gecko/20090423 Firefox/3.5b4
Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.10) Gecko/2009042315 Firefox/3.0.10
Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.1b5pre) Gecko/20090509 Shiretoko/3.5b5pre
|
||
Comment 8•16 years ago
|
||
I was able to reproduce the crash with Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.10) Gecko/2009042316 Firefox/3.0.10 after creating a new profile and restarting.
Crash ID: bp-7e1f0dee-b7b1-42d9-9c5f-b47a42090510
surkov.alexander 1.75
651 mTree->GetColumns(getter_AddRefs(treeColumns));
652 NS_ENSURE_STATE(treeColumns);
663 nsCOMPtr<nsITreeColumn> col;
664 rv = treeColumns->GetKeyColumn(getter_AddRefs(col));
665 NS_ENSURE_SUCCESS(rv, rv);
666
667 PRInt32 colIdx = 0;
668 rv = col->GetIndex(&colIdx);
alexander: we're crashing because col is null
http://mxr.mozilla.org/mozilla-central/source/layout/xul/base/src/tree/src/nsTreeColumns.cpp#475
475 nsTreeColumns::GetKeyColumn(nsITreeColumn** _retval)
478 *_retval = nsnull;
517 NS_IF_ADDREF(*_retval);
518 return NS_OK;
GetKeyColumn doesn't throw exceptions for null values.
Assignee: nobody → surkov.alexander
Component: XUL → Disability Access APIs
QA Contact: xptoolkit.widgets → accessibility-apis
|
|
||
Comment 10•16 years ago
|
||
Pushing out this nomination to 1.9.0.12. We'll consider it, but doubt we'll block as it doesn't seem common and is not a regression.
Flags: blocking1.9.0.11? → blocking1.9.0.12?
|
Assignee | |
Comment 11•16 years ago
|
||
Assignee: surkov.alexander → timeless
Status: NEW → ASSIGNED
Attachment #376777 -
Flags: review?(surkov.alexander)
|
||
Comment 12•16 years ago
|
||
Comment on attachment 376777 [details] [diff] [review]
this should fix it
timeless, thank you for the patch, I think it make sense to put your null check in nsXULTreeAccessible::InvalidateCach since it has similar logic.
Attachment #376777 -
Flags: review?(surkov.alexander) → review+
|
|
||
Comment 13•16 years ago
|
||
Status: ASSIGNED → RESOLVED
Closed: 16 years ago
Resolution: --- → FIXED
|
|
||
Updated•16 years ago
|
Attachment #376777 -
Flags: approval1.9.1?
|
|
||
Updated•16 years ago
|
Attachment #376777 -
Flags: approval1.9.0.12?
|
||
Updated•16 years ago
|
|
||
Comment 14•16 years ago
|
||
Comment on attachment 376777 [details] [diff] [review]
this should fix it
a191=beltzner
Attachment #376777 -
Flags: approval1.9.1? → approval1.9.1+
|
||
Updated•16 years ago
|
Keywords: checkin-needed
Whiteboard: [sg:dos] null deref → [sg:dos] null deref [needs 191 landing]
|
|
||
Comment 15•16 years ago
|
||
Keywords: checkin-needed → fixed1.9.1
Whiteboard: [sg:dos] null deref [needs 191 landing] → [sg:dos] null deref
|
|
||
Comment 16•16 years ago
|
||
Comment on attachment 376777 [details] [diff] [review]
this should fix it
We'd rather approve what actually got checked in and tested on the trunk and 1.9.1 branches.
Attachment #376777 -
Flags: approval1.9.0.12? → approval1.9.0.12-
|
|
Reporter | |
Comment 17•16 years ago
|
||
VERIFIED FIXED with
Mozilla/5.0 (Windows; U; Windows NT 6.0; de; rv:1.9.1) Gecko/20090624 Firefox/3.5 (.NET CLR 3.5.30729)
Status: RESOLVED → VERIFIED
|
||
Updated•14 years ago
|
Crash Signature: [@XULTreeAccessible::TreeViewInvalidated]
You need to log in
before you can comment on or make changes to this bug.
Description
•