Closed
Bug 486482
Opened 16 years ago
Closed 16 years ago
null deref [@ nsPluginNativeWindowGtk2::CreateXEmbedWindow ]
Categories
(Core Graveyard :: Plug-ins, defect)
Tracking
(status1.9.1 wanted)
RESOLVED
FIXED
mozilla1.9.2a1
| Tracking | Status | |
|---|---|---|
| status1.9.1 | --- | wanted |
People
(Reporter: stransky, Assigned: stransky)
Details
(Keywords: crash)
Crash Data
Attachments
(1 file)
|
1.30 KB,
patch
|
jaas
:
review+
jst
:
superreview+
dveditz
:
approval1.9.1.4-
|
Details | Diff | Splinter Review |
Downstream bug https://bugzilla.redhat.com/show_bug.cgi?id=491477
There's a null deref in nsPluginNativeWindowGtk2::CreateXEmbedWindow()
(gdb) where
#0 0x0000003e9ec0efab in raise () from /lib64/libpthread.so.0
#1 0x0000003f4fa30f05 in nsProfileLock::FatalSignalHandler (signo=11)
at nsProfileLock.cpp:212
#2 <signal handler called>
#3 nsPluginNativeWindowGtk2::CreateXEmbedWindow (this=0x2e283c0)
at nsPluginNativeWindowGtk2.cpp:209
(gdb) list nsPluginNativeWindowGtk2.cpp:209
204 window = (nsPluginPort *)gtk_socket_get_id(GTK_SOCKET(mSocketWidget));
205
206 // Fill out the ws_info structure.
207 // (The windowless case is done in nsObjectFrame.cpp.)
208 GdkWindow *gdkWindow = gdk_window_lookup((XID)window);
209 mWsInfo.display = GDK_WINDOW_XDISPLAY(gdkWindow);
210 mWsInfo.colormap =
GDK_COLORMAP_XCOLORMAP(gdk_drawable_get_colormap(gdkWindow));
211 GdkVisual* gdkVisual = gdk_drawable_get_visual(gdkWindow);
212 mWsInfo.visual = GDK_VISUAL_XVISUAL(gdkVisual);
213 mWsInfo.depth = gdkVisual->depth;
(gdb) select 3
(gdb) print window
$1 = (struct nsPluginPort *) 0x0
(gdb) print gdkWindow
$2 = <value optimized out>
window && gdkWindow are NULL so:
mWsInfo.display = GDK_WINDOW_XDISPLAY(gdkWindow);
produces a segfault.
It seems to affect all branches (1.9.0, 1.9.1 and Trunk).
|
Assignee | |
Comment 1•16 years ago
|
||
|
|
Assignee | |
Updated•16 years ago
|
Attachment #370613 -
Attachment description: patch → patch for 1.9.1
|
|
Assignee | |
Updated•16 years ago
|
Attachment #370613 -
Flags: review?(jst)
|
|
Assignee | |
Comment 2•16 years ago
|
||
Comment on attachment 370613 [details] [diff] [review]
patch for 1.9.1
Can you please review this one?
Attachment #370613 -
Flags: review?(jst) → review+
Comment on attachment 370613 [details] [diff] [review]
patch for 1.9.1
+ return(NS_ERROR_FAILURE);
Should just be "return NS_ERROR_FAILURE;", no parens.
Otherwise looks good.
|
||
Updated•16 years ago
|
Attachment #370613 -
Flags: superreview+
|
||
Comment 5•16 years ago
|
||
Assignee: nobody → stransky
Status: NEW → RESOLVED
Closed: 16 years ago
Keywords: checkin-needed
Resolution: --- → FIXED
Target Milestone: --- → mozilla1.9.2a1
|
|
||
Updated•16 years ago
|
Attachment #370613 -
Flags: approval1.9.1.2?
|
||
Updated•16 years ago
|
Attachment #370613 -
Flags: approval1.9.1.2? → approval1.9.1.3?
|
||
Comment 6•16 years ago
|
||
Comment on attachment 370613 [details] [diff] [review]
patch for 1.9.1
Approved for 1.9.1.4, a=dveditz for release-drivers
Attachment #370613 -
Flags: approval1.9.1.3? → approval1.9.1.4+
|
|
Assignee | |
Updated•16 years ago
|
Keywords: checkin-needed
|
|
Assignee | |
Comment 7•16 years ago
|
||
Oh sorry, seems to be already in. clearing the flag.
Keywords: checkin-needed
|
|
||
Comment 8•16 years ago
|
||
Comment on attachment 370613 [details] [diff] [review]
patch for 1.9.1
past code-freeze for 1.9.1.4, removing non-blocker approval.
Attachment #370613 -
Flags: approval1.9.1.4+ → approval1.9.1.4-
|
|
||
Updated•16 years ago
|
status1.9.1:
--- → wanted
|
||
Updated•14 years ago
|
Crash Signature: [@ nsPluginNativeWindowGtk2::CreateXEmbedWindow ]
|
||
Updated•3 years ago
|
Product: Core → Core Graveyard
You need to log in
before you can comment on or make changes to this bug.
Description
•