Closed Bug 522214 Opened 15 years ago Closed 14 years ago

Crash when setting null on charset [@ strlen | nsDependentCString::nsDependentCString(char const*)]

Categories

(Core Graveyard :: Embedding: APIs, defect)

Product:
Core Graveyard
Component:
Embedding: APIs
Platform:
x86
Windows XP
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

(Not tracked)

Status:
RESOLVED FIXED

People

(Reporter: martijn.martijn, Assigned: timeless)

Details

(Keywords: crash, testcase)

Crash Data

Attachments

(2 files, 1 obsolete file)

testcase (uses enhanced privileges)
550 bytes, text/html
Details
skip Dependent's
2.42 KB, patch
bzbarsky
: review+
Details | Diff | Splinter Review 
See testcase.

http://crash-stats.mozilla.com/report/index/6f0017d5-0117-41f4-90bb-ab7542091014?p=1
0  	mozcrt19.dll  	strlen  	strlen.asm:81
1 	xul.dll 	nsDependentCString::nsDependentCString 	obj-firefox/dist/include/nsTDependentString.h:90
2 	xul.dll 	nsDocShell::SetCharset 	docshell/base/nsDocShell.cpp:1745
3 	xul.dll 	NS_InvokeByIndex_P 	xpcom/reflect/xptcall/src/md/win32/xptcinvoke.cpp:101
4 	xul.dll 	XPCWrappedNative::CallMethod 	js/src/xpconnect/src/xpcwrappednative.cpp:2710
Summary: Crash [@ strlen] when setting null on charset → Crash when setting null on charset [@ strlen | nsDependentCString::nsDependentCString(char const*)]
Attached patch handle null pointers (obsolete) — Splinter Review 
i believe there are a couple of instances in this file.
Assignee: nobody → timeless
Status: NEW → ASSIGNED
Attachment #411573 - Flags: review?(bzbarsky)
Component: General → Embedding: APIs
QA Contact: general → apis
Comment on attachment 411573 [details] [diff] [review]
handle null pointers

>+        nsCString charset;
>+        if (aCharset)
>+          charset = nsDependentCString(aCharset);

That pattern is silly..  Just do |nsCString charset(aCharset)|.  Or better yet throw up front on null.

Same for the other hunk that does this.

>-        mGlobalHistory->SetPageTitle(mCurrentURI, nsDependentString(aTitle));
>+        mGlobalHistory->SetPageTitle(mCurrentURI, mTitle);

Technically not the same, since SetTitle can reenter... not that it handles that anyway, so this is fine.

Add a test?
Attachment #411573 - Flags: review?(bzbarsky) → review-
Attached patch skip Dependent'sSplinter Review 

        Attachment #411573 -
        Attachment is obsolete: true

        Attachment #429420 -
        Flags: review?(bzbarsky)

    
    

    
  
Comment on attachment 429420 [details] [diff] [review]
skip Dependent's

r=bzbarsky

        Attachment #429420 -
        Flags: review?(bzbarsky) → review+

    
    

    
  
http://hg.mozilla.org/mozilla-central/rev/6447c15170c6
Status: ASSIGNED → RESOLVED
Closed: 14 years ago
Resolution: --- → FIXED
Crash Signature: [@ strlen | nsDependentCString::nsDependentCString(char const*)]

    
  
Product: Core → Core Graveyard

          You need to log in
          before you can comment on or make changes to this bug.
        






  

    
  







  

    

      
Attachment

      

      
      
      
      
    

    

      

        

          

            
General

            

              Creator: 



            

            
Created: 

            
Updated: 

            
Size: