Closed
Bug 555099
Opened 15 years ago
Closed 15 years ago
nsAutoGCRoot used as temporary
Categories
(Core :: DOM: Core & HTML, defect, P1)
Core
DOM: Core & HTML
Tracking
()
RESOLVED
FIXED
mozilla1.9.3a4
Tracking | Status | |
---|---|---|
blocking2.0 | --- | final+ |
status1.9.2 | --- | unaffected |
People
(Reporter: dbaron, Assigned: dbaron)
References
Details
(Whiteboard: [sg:critical?])
Attachments
(1 file)
1.02 KB,
patch
|
mrbkap
:
review+
|
Details | Diff | Splinter Review |
My assertions in bug 531460 (which I really need to land soon!) caught a bug introduced by the patch from bug 500328.
This was while running the mochitests in dom/tests/mochitest/whatwg.
This appears to be trunk-only (I think?), but marking security-sensitive for now.
Assignee | ||
Comment 1•15 years ago
|
||
Attachment #435040 -
Flags: review?
Comment 2•15 years ago
|
||
Comment on attachment 435040 [details] [diff] [review]
patch
Not sure who you meant to ask for review from, but we should get this in.
Attachment #435040 -
Flags: review? → review+
Comment 3•15 years ago
|
||
worst case is memory corruption, right? though we don't know if a GC could be forced from content at the right time.
blocking2.0: --- → ?
Whiteboard: [sg:critical?]
Assignee | ||
Comment 4•15 years ago
|
||
Status: ASSIGNED → RESOLVED
Closed: 15 years ago
Priority: -- → P1
Resolution: --- → FIXED
Target Milestone: --- → mozilla1.9.3a4
Assignee | ||
Comment 5•15 years ago
|
||
I confirmed that the 1.9.2 branch is unaffected; an MXR search for "nsAutoGCRoot(" turned up only this problem on mozilla-central and no problems on mozilla1.9.2.
We should probably clear the core-security flag when we ship the next trunk alpha.
status1.9.2:
--- → unaffected
Updated•14 years ago
|
blocking2.0: ? → final+
Updated•14 years ago
|
Group: core-security
Updated•6 years ago
|
Component: DOM → DOM: Core & HTML
You need to log in
before you can comment on or make changes to this bug.
Description
•