Closed
Bug 495444
Opened 16 years ago
Closed 16 years ago
nsXULTemplateBuilder::AttributeChanged calls Rebuild when nsContentUtils::IsSafeToRunScripts returns false
Categories
(Core :: XUL, defect)
Tracking
()
RESOLVED
FIXED
People
(Reporter: smaug, Assigned: smaug)
Details
(Keywords: verified1.9.0.14, Whiteboard: [sg:moderate?])
Attachments
(3 files, 1 obsolete file)
|
2.33 KB,
patch
|
enndeakin
:
review+
neil
:
superreview+
beltzner
:
approval1.9.1.2+
|
Details | Diff | Splinter Review |
|
921 bytes,
application/vnd.mozilla.xul+xml
|
Details | |
|
3.24 KB,
patch
|
dveditz
:
approval1.9.0.14+
|
Details | Diff | Splinter Review |
#7 0x00002aaab0b55a3e in nsJSContext::EvaluateStringWithValue (this=0x2144780, aScript=@0x7fff28ccedd0,
aScopeObject=0x1f88c80, aPrincipal=0x7a09c0, aURL=0x2212548 "chrome://global/content/bindings/listbox.xml", aLineNo=217,
aVersion=180, aRetValue=0x7fff28ccedf0, aIsUndefined=0x7fff28ccedfc)
at /home/smaug/mozilla/mozilla_cvs/hg/mozilla/dom/base/nsJSEnvironment.cpp:1450
#8 0x00002aaab0b1467e in nsXBLProtoImplField::InstallField (this=0x2a64560, aContext=<value optimized out>,
aBoundNode=0x1f88c80, aPrincipal=0x7a09c0, aBindingDocURI=<value optimized out>, aDidInstall=0x7fff28ccee8c)
at /home/smaug/mozilla/mozilla_cvs/hg/mozilla/content/xbl/src/nsXBLProtoImplField.cpp:135
#9 0x00002aaab0b07bad in XBLResolve (cx=0x21447e0, obj=<value optimized out>, id=<value optimized out>,
flags=<value optimized out>, objp=0x7fff28ccef28)
at /home/smaug/mozilla/mozilla_cvs/hg/mozilla/content/xbl/src/nsXBLBinding.cpp:211
#10 0x00002aaaaad9efad in js_LookupPropertyWithFlags (cx=0x21447e0, obj=<value optimized out>, id=32533796, flags=5,
objp=0x7fff28ccef90, propp=0x7fff28ccef88) at /home/smaug/mozilla/mozilla_cvs/hg/mozilla/js/src/jsobj.cpp:3848
#11 0x00002aaaaada706d in js_GetPropertyHelper (cx=0x21447e0, obj=0x1f88c80, id=32533796, cacheResult=1, vp=0x7fff28ccf238)
at /home/smaug/mozilla/mozilla_cvs/hg/mozilla/js/src/jsobj.cpp:4255
#12 0x00002aaaaad761ea in js_Interpret (cx=0x21447e0) at /home/smaug/mozilla/mozilla_cvs/hg/mozilla/js/src/jsinterp.cpp:4441
#13 0x00002aaaaad906a3 in js_Invoke (cx=0x21447e0, argc=1, vp=0x3010a38, flags=<value optimized out>)
at /home/smaug/mozilla/mozilla_cvs/hg/mozilla/js/src/jsinterp.cpp:1394
#14 0x00002aaab0248275 in nsXPCWrappedJSClass::CallMethod (this=0x215c3e0, wrapper=<value optimized out>, methodIndex=4,
info=0x1108600, nativeParams=0x7fff28ccf780)
at /home/smaug/mozilla/mozilla_cvs/hg/mozilla/js/src/xpconnect/src/xpcwrappedjsclass.cpp:1652
#15 0x00002aaaab2d326e in PrepareAndDispatch (self=0x215c4b0, methodIndex=<value optimized out>, args=<value optimized out>,
gpregs=0x7fff28ccf860, fpregs=0x7fff28ccf890)
at /home/smaug/mozilla/mozilla_cvs/hg/mozilla/xpcom/reflect/xptcall/src/md/unix/xptcstubs_x86_64_linux.cpp:153
#16 0x00002aaaab2d260b in SharedStub ()
at /home/smaug/mozilla/mozilla_cvs/hg/mozilla/xpcom/reflect/xptinfo/src/xptiprivate.h:383
#17 0x00002aaab0c8f5eb in nsXULTemplateBuilder::Rebuild (this=0x305b980)
at /home/smaug/mozilla/mozilla_cvs/hg/mozilla/content/xul/templates/src/nsXULTemplateBuilder.cpp:400
#18 0x00002aaab0c94e05 in nsXULTemplateBuilder::AttributeChanged (this=0x3df8, aDocument=0x303d900, aContent=0x6,
aNameSpaceID=-1, aAttribute=0x0, aModType=0, aStateMask=0)
at /home/smaug/mozilla/mozilla_cvs/hg/mozilla/content/xul/templates/src/nsXULTemplateBuilder.cpp:1112
#19 0x00002aaab09ccfd2 in nsNodeUtils::AttributeChanged (aContent=0x30afb80, aNameSpaceID=0, aAttribute=0xb8edb8,
aModType=2, aStateMask=0) at /home/smaug/mozilla/mozilla_cvs/hg/mozilla/content/base/src/nsNodeUtils.cpp:108
#20 0x00002aaab09bbf75 in nsGenericElement::SetAttrAndNotify (this=0x30afb80, aNamespaceID=0, aName=0xb8edb8, aPrefix=0x0,
aOldValue=@0x7fff28ccfd80, aParsedValue=<value optimized out>, aModification=0, aFireMutation=0, aNotify=1,
aValueForAfterSetAttr=0x7fff28ccfee0)
at /home/smaug/mozilla/mozilla_cvs/hg/mozilla/content/base/src/nsGenericElement.cpp:4369
#21 0x00002aaab09bc301 in nsGenericElement::SetAttr (this=0x30afb80, aNamespaceID=0, aName=0xb8edb8, aPrefix=0x0,
aValue=@0x7fff28ccfee0, aNotify=1)
at /home/smaug/mozilla/mozilla_cvs/hg/mozilla/content/base/src/nsGenericElement.cpp:4300
#22 0x00002aaab09b5d95 in nsGenericElement::SetAttribute (this=0x30afb80, aName=@0x7fff28ccff00, aValue=@0x7fff28ccfee0)
Attachment #380424 -
Flags: superreview?(neil)
Attachment #380424 -
Flags: review?
|
Assignee | |
Updated•16 years ago
|
Attachment #380424 -
Flags: review? → review?(enndeakin)
|
||
Comment 1•16 years ago
|
||
nsXULTemplateBuilder.cpp(1113) : error C2664: 'ns_new_runnable_method' : cannot convert parameter 2 from 'nsresult (__stdcall nsXULTemplateBuilder::* )(void)' to 'nsresult (__thiscall nsXULTemplateBuilder::* )(void)'
Types pointed to are unrelated; conversion requires reinterpret_cast, C-
style cast or function-style cast
nsXULTemplateBuilder.cpp(1124) : error C2664: 'ns_new_runnable_method' : cannot convert parameter 2 from 'nsresult (__stdcall nsXULTemplateBuilder::* )(void)' to 'nsresult (__thiscall nsXULTemplateBuilder::* )(void)'
Types pointed to are unrelated; conversion requires reinterpret_cast, C-
style cast or function-style cast
gmake: *** [nsXULTemplateBuilder.obj] Error 2
|
|
Assignee | |
Comment 2•16 years ago
|
||
Bah, I'll upload a new patch.
|
|
Assignee | |
Comment 3•16 years ago
|
||
Attachment #380424 -
Attachment is obsolete: true
Attachment #380433 -
Flags: superreview?(neil)
Attachment #380433 -
Flags: review?(enndeakin)
Attachment #380424 -
Flags: superreview?(neil)
Attachment #380424 -
Flags: review?(enndeakin)
|
|
||
Updated•16 years ago
|
Attachment #380433 -
Flags: superreview?(neil) → superreview+
|
|
||
Comment 4•16 years ago
|
||
Comment on attachment 380433 [details] [diff] [review]
patch
Excellent, this must have been why I was getting an assertion (something to do with suppressing mutation events) opening SeaMonkey Mail.
|
||
Comment 5•16 years ago
|
||
Can you explain why this is needed? Rebuild doesn't call any scripts directly.
|
|
Assignee | |
Comment 6•16 years ago
|
||
yes it does if there is a JS-implemented nsIXULBuilderListener
|
|
||
Updated•16 years ago
|
Attachment #380433 -
Flags: review?(enndeakin) → review+
|
|
Assignee | |
Comment 7•16 years ago
|
||
Status: NEW → RESOLVED
Closed: 16 years ago
Resolution: --- → FIXED
|
|
Assignee | |
Updated•16 years ago
|
Flags: blocking1.9.1?
Flags: blocking1.9.0.13?
|
||
Comment 8•16 years ago
|
||
This bug was nominated for blocking Firefox 3.5, which is due to ship in two days, but no rationale was given. I'm going to assume that Olli meant to flag it as something we want to get into a security and stability release for Firefox, and transfer the flag to 1.9.1.1; if that's wrong, please renominate explaining why this is a stop-ship issue.
Flags: blocking1.9.1? → blocking1.9.1.1?
|
|
Assignee | |
Comment 9•16 years ago
|
||
Oh, sorry, I meant 1.9.1.1
|
||
Comment 10•16 years ago
|
||
Can content create a nsIXULBuilderListener, or is it only addons at risk here?
Flags: wanted1.9.1.x+
Flags: wanted1.9.0.x+
Flags: blocking1.9.0.13?
Flags: blocking1.9.0.13+
Whiteboard: [sg:moderate?]
|
|
||
Comment 11•16 years ago
|
||
(In reply to comment #10)
> Can content create a nsIXULBuilderListener, or is it only addons at risk here?
The listeners can be created by script code, so content code could create one.
|
||
Comment 12•16 years ago
|
||
Not for 1.9.1.1. We'll block on this for 1.9.1.2 though.
Flags: blocking1.9.1.1?
Whiteboard: [sg:moderate?] → [sg:moderate?][1.9.1.2+]
|
|
||
Updated•16 years ago
|
blocking1.9.1: --- → .2+
status1.9.1:
--- → wanted
|
|
||
Comment 13•16 years ago
|
||
Comment on attachment 380433 [details] [diff] [review]
patch
a=beltzner, please land on mozilla-1.9.1 immediately
Attachment #380433 -
Flags: approval1.9.1.2+
|
|
Assignee | |
Comment 14•16 years ago
|
||
|
|
Assignee | |
Updated•16 years ago
|
|
||
Comment 15•16 years ago
|
||
Olli, could you help us verify this bug for 3.5.2?
|
|
||
Comment 16•16 years ago
|
||
Does this patch work for 1.9.0 as well?
|
|
||
Updated•16 years ago
|
Flags: wanted1.9.1.x+
Whiteboard: [sg:moderate?][1.9.1.2+] → [sg:moderate?]
|
|
Assignee | |
Comment 17•16 years ago
|
||
The patch doesn't apply cleanly to 1.9.0 but I'll update it.
I think I have an idea for a testcase...
|
|
Assignee | |
Comment 18•16 years ago
|
||
If you get 2 working alerts when loading this, everything is ok.
Without the patch you get non-working alert dialogs (at least on OSX).
|
|
Assignee | |
Comment 19•16 years ago
|
||
...at least 2 alerts.
|
|
Assignee | |
Comment 20•16 years ago
|
||
Attachment #392895 -
Flags: approval1.9.0.14?
|
|
||
Updated•16 years ago
|
Attachment #392895 -
Flags: approval1.9.0.14? → approval1.9.0.14+
|
|
||
Comment 21•16 years ago
|
||
Comment on attachment 392895 [details] [diff] [review]
for 190
Approved for 1.9.0.14, a=dveditz for release-drivers
|
|
Assignee | |
Comment 22•16 years ago
|
||
Checking in content/xul/templates/src/nsXULTemplateBuilder.cpp;
/cvsroot/mozilla/content/xul/templates/src/nsXULTemplateBuilder.cpp,v <-- nsXULTemplateBuilder.cpp
new revision: 1.359; previous revision: 1.358
done
Checking in content/xul/templates/src/nsXULTemplateBuilder.h;
/cvsroot/mozilla/content/xul/templates/src/nsXULTemplateBuilder.h,v <-- nsXULTemplateBuilder.h
new revision: 1.37; previous revision: 1.36
done
Keywords: fixed1.9.0.14
|
||
Comment 23•15 years ago
|
||
Verified fixed using the attached testcase in 1.9.0.14 (Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.5; en-US; rv:1.9.0.14pre) Gecko/2009081813 GranParadiso/3.0.14pre).
Keywords: fixed1.9.0.14 → verified1.9.0.14
|
|
||
Updated•15 years ago
|
Group: core-security
You need to log in
before you can comment on or make changes to this bug.
Description
•