Closed Bug 503699 Opened 15 years ago Closed 15 years ago

Crash [@ nsTextBoxFrame::UpdateAccesskey] with QI that has side effects

Categories

(Core :: XUL, defect)

Product:
Core
Component:
XUL
Platform:
x86
macOS
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

()

Status:
RESOLVED FIXED

People

(Reporter: jruderman, Assigned: smaug)

References

Details

(Keywords: crash, testcase, Whiteboard: [sg:critical?])

Crash Data

Attachments

(3 files)

testcase (crashes debug Firefox when loaded)
715 bytes, application/vnd.mozilla.xul+xml
Details
stack trace plus evidence that the nsTextBoxFrame has been deleted
5.23 KB, text/plain
Details
patch
876 bytes, patch
roc
: review+
roc
: superreview+
Details | Diff | Splinter Review 
I think the nsTextBoxFrame gets deleted while nsTextBoxFrame::UpdateAccesskey runs, because of the QI call it makes.
Whiteboard: [sg:critical?]
Attached patch patchSplinter Review 
Fixes this bug, but we may want to think about some generic fix for the
bugs Bug 503700 will find.
Assignee: nobody → Olli.Pettay
Status: NEW → ASSIGNED
Attachment #388129 - Flags: superreview?(roc)
Attachment #388129 - Flags: review?(roc)
Attachment #388129 - Flags: superreview?(roc)
Attachment #388129 - Flags: superreview+
Attachment #388129 - Flags: review?(roc)
Attachment #388129 - Flags: review+
Can XPConnect just ignore QueryInterface exposed by non-chrome-privilege content>?
I split out that idea into bug 503926.
http://hg.mozilla.org/mozilla-central/rev/72de70984119
Status: ASSIGNED → RESOLVED
Closed: 15 years ago
Resolution: --- → FIXED
Crash Signature: [@ nsTextBoxFrame::UpdateAccesskey]
Group: core-security → core-security-release
Group: core-security-release
You need to log in before you can comment on or make changes to this bug.