Closed Bug 522214 Opened 15 years ago Closed 15 years ago

Crash when setting null on charset [@ strlen | nsDependentCString::nsDependentCString(char const*)]

Categories

(Core Graveyard :: Embedding: APIs, defect)

x86
Windows XP
defect
Not set
critical

Tracking

(Not tracked)

RESOLVED FIXED

People

(Reporter: martijn.martijn, Assigned: timeless)

Details

(Keywords: crash, testcase)

Crash Data

Attachments

(2 files, 1 obsolete file)

See testcase.
http://crash-stats.mozilla.com/report/index/6f0017d5-0117-41f4-90bb-ab7542091014?p=1
0 mozcrt19.dll strlen strlen.asm:81
1 xul.dll nsDependentCString::nsDependentCString obj-firefox/dist/include/nsTDependentString.h:90
2 xul.dll nsDocShell::SetCharset docshell/base/nsDocShell.cpp:1745
3 xul.dll NS_InvokeByIndex_P xpcom/reflect/xptcall/src/md/win32/xptcinvoke.cpp:101
4 xul.dll XPCWrappedNative::CallMethod js/src/xpconnect/src/xpcwrappednative.cpp:2710
Summary: Crash [@ strlen] when setting null on charset → Crash when setting null on charset [@ strlen | nsDependentCString::nsDependentCString(char const*)]
Attached patch handle null pointers (obsolete)
I believe there are a couple of instances in this file.
Assignee: nobody → timeless
Status: NEW → ASSIGNED
Attachment #411573 - Flags: review?(bzbarsky)
Component: General → Embedding: APIs
QA Contact: general → apis
Comment on attachment 411573 [details] [diff] [review] handle null pointers

>+ nsCString charset;
>+ if (aCharset)
>+ charset = nsDependentCString(aCharset);

That pattern is silly.. Just do |nsCString charset(aCharset)|. Or better yet throw up front on null. Same for the other hunk that does this.

>- mGlobalHistory->SetPageTitle(mCurrentURI, nsDependentString(aTitle));
>+ mGlobalHistory->SetPageTitle(mCurrentURI, mTitle);

Technically not the same, since SetTitle can reenter... not that it handles that anyway, so this is fine.

Add a test?
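Review bot: in the first quoted hunk, the `if (aCharset)` guard leaves `charset` empty when the caller passes null, so the setter carries on with an empty value instead of reporting the bad argument. The quoted lines do not show what the rest of the function does with an empty charset; returning an error before `charset` is built would make the failure visible to the caller, and a regression test that passes null would pin the behaviour.

Review bot: in the second quoted hunk, passing `mTitle` instead of `nsDependentString(aTitle)` is only equivalent if `mTitle` has already been assigned from `aTitle` by the time `SetPageTitle` is called, and that assignment is not in the quoted lines. Worth confirming the order, or stating it in a comment next to the call.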
Attachment #411573 - Flags: review?(bzbarsky) → review-
Attached patch skip Dependent's
Attachment #411573 - Attachment is obsolete: true
Attachment #429420 - Flags: review?(bzbarsky)
Comment on attachment 429420 [details] [diff] [review] skip Dependent's

r=bzbarsky
Attachment #429420 - Flags: review?(bzbarsky) → review+
Status: ASSIGNED → RESOLVED
Closed: 15 years ago
Resolution: --- → FIXED
Crash Signature: [@ strlen | nsDependentCString::nsDependentCString(char const*)]
Product: Core → Core Graveyard
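The crash signature and the two ways of handling a null argument raised in the review, as an added C++ example that is not code from either patch or from Mozilla. `DependentView`, `Shell`, the `Status` values and the starting charset are hypothetical stand-ins, and what the guarded variant does with the empty value is an assumption.

```cpp
// Added illustration. DependentView and the two setters are hypothetical
// stand-ins, not Mozilla's nsDependentCString or nsDocShell::SetCharset.
#include <cstddef>
#include <cstring>
#include <string>

enum Status { kOk, kErrNullPointer };

// Non-owning view: the constructor measures the buffer with strlen, so it
// dereferences whatever pointer it is given. Passing nullptr is undefined
// behaviour (in practice a crash inside strlen, as in the stack above).
struct DependentView {
    const char* data;
    std::size_t length;
    explicit DependentView(const char* s) : data(s), length(std::strlen(s)) {}
};

struct Shell {
    std::string charset = "ISO-8859-1";  // constructed starting value

    // Variant 1: guard only the wrapper. Null no longer crashes, but it is
    // treated as an empty string and (assumed here) replaces the stored value.
    Status SetCharsetGuarded(const char* aCharset) {
        std::string value;
        if (aCharset) {
            DependentView view(aCharset);
            value.assign(view.data, view.length);
        }
        charset = value;
        return kOk;
    }

    // Variant 2: reject null up front. State is untouched and the caller
    // gets an error it can surface instead of a silent reset.
    Status SetCharsetChecked(const char* aCharset) {
        if (!aCharset) return kErrNullPointer;
        DependentView view(aCharset);
        charset.assign(view.data, view.length);
        return kOk;
    }
};
```
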