Closed Bug 522214 Opened 13 years ago Closed 13 years ago

Crash when setting null on charset [@ strlen | nsDependentCString::nsDependentCString(char const*)]

Categories

(Core Graveyard :: Embedding: APIs, defect)

x86
Windows XP
defect
Not set
critical

Tracking

(Not tracked)

RESOLVED FIXED

People

(Reporter: martijn.martijn, Assigned: timeless)

Details

(Keywords: crash, testcase)

Attachments

(2 files, 1 obsolete file)

See testcase.

http://crash-stats.mozilla.com/report/index/6f0017d5-0117-41f4-90bb-ab7542091014?p=1
0  	mozcrt19.dll  	strlen  	strlen.asm:81
1 	xul.dll 	nsDependentCString::nsDependentCString 	obj-firefox/dist/include/nsTDependentString.h:90
2 	xul.dll 	nsDocShell::SetCharset 	docshell/base/nsDocShell.cpp:1745
3 	xul.dll 	NS_InvokeByIndex_P 	xpcom/reflect/xptcall/src/md/win32/xptcinvoke.cpp:101
4 	xul.dll 	XPCWrappedNative::CallMethod 	js/src/xpconnect/src/xpcwrappednative.cpp:2710
Summary: Crash [@ strlen] when setting null on charset → Crash when setting null on charset [@ strlen | nsDependentCString::nsDependentCString(char const*)]
Attached patch handle null pointers (obsolete)
I believe there are a couple of instances in this file.
Assignee: nobody → timeless
Status: NEW → ASSIGNED
Attachment #411573 - Flags: review?(bzbarsky)
Component: General → Embedding: APIs
QA Contact: general → apis
Comment on attachment 411573
handle null pointers

>+        nsCString charset;
>+        if (aCharset)
>+          charset = nsDependentCString(aCharset);
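
Review bot: the if (aCharset) branch leaves charset empty when aCharset is null, so a null argument is silently accepted as an empty charset, and the quoted lines do not show that the code after them handles an empty value. Consider returning an error at the top of the function when aCharset is null, or add a comment stating that null is deliberately treated as empty.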

That pattern is silly..  Just do |nsCString charset(aCharset)|.  Or better yet throw up front on null.

Same for the other hunk that does this.

>-        mGlobalHistory->SetPageTitle(mCurrentURI, nsDependentString(aTitle));
>+        mGlobalHistory->SetPageTitle(mCurrentURI, mTitle);
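
Review bot: the + line passes mTitle where the - line passed a string built from aTitle, which is equivalent only if mTitle has already been assigned from aTitle by this point and nothing in between can change it; the quoted lines show neither. A short comment at the call saying that mTitle already holds the new title would make that dependency explicit.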

Technically not the same, since SetTitle can reenter... not that it handles that anyway, so this is fine.

Add a test?
Attachment #411573 - Flags: review?(bzbarsky) → review-
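
The two fixes named in the review above behave differently on a null argument; this added example (not the Mozilla patch) models both. `DependentCStr`, `Shell`, `Result` and the setter names are hypothetical stand-ins, and `std::string` stands in for an owning string that is assumed to treat null as empty.

```cpp
#include <cstddef>
#include <cstring>
#include <string>

// Hypothetical non-owning string view modelled on the constructor in the
// crash stack: it measures its input with strlen, so null is undefined.
class DependentCStr {
 public:
  explicit DependentCStr(const char* data)
      : data_(data), length_(std::strlen(data)) {}
  const char* data() const { return data_; }
  std::size_t length() const { return length_; }
 private:
  const char* data_;
  std::size_t length_;
};

enum Result { kOk, kErrorNullPointer };

// Hypothetical object with a charset setter reachable from script.
class Shell {
 public:
  // Before: a null argument goes straight into strlen (do not call with null).
  Result SetCharsetUnchecked(const char* aCharset) {
    DependentCStr dep(aCharset);
    charset_.assign(dep.data(), dep.length());
    return kOk;
  }
  // Option 1: copy into an owning string, treating null as empty.
  // The call succeeds and silently clears the stored charset.
  Result SetCharsetNullAsEmpty(const char* aCharset) {
    charset_ = aCharset ? std::string(aCharset) : std::string();
    return kOk;
  }
  // Option 2: reject null up front; stored state is left untouched.
  Result SetCharsetRejectNull(const char* aCharset) {
    if (!aCharset) return kErrorNullPointer;
    return SetCharsetUnchecked(aCharset);
  }
  const std::string& charset() const { return charset_; }
 private:
  std::string charset_;
};
```

Option 1 removes the crash but turns a caller error into a state change; option 2 surfaces the error and keeps the previous charset.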
Attached patch skip Dependent's
Attachment #411573 - Attachment is obsolete: true
Attachment #429420 - Flags: review?(bzbarsky)
Comment on attachment 429420
skip Dependent's

r=bzbarsky
Attachment #429420 - Flags: review?(bzbarsky) → review+
http://hg.mozilla.org/mozilla-central/rev/6447c15170c6
Status: ASSIGNED → RESOLVED
Closed: 13 years ago
Resolution: --- → FIXED
Crash Signature: [@ strlen | nsDependentCString::nsDependentCString(char const*)]
Product: Core → Core Graveyard