Closed Bug 600082 Opened 9 years ago Closed 9 years ago
AT may crash when it frees memory allocated for header cell array by server
I think the problem we allocate memory by nsMemory::Allocate which is not thread safe. It's reasonable to use CoTaskMemAlloc here (AT use CoTaskMemFree to free memory allocated by Firefox). It was tested as a part of try-server build, it must be safe to land it for Firefox 3.6 as well.
This would be a speedy landing/review, since code freeze for 3.6.11 is tonight, September 28, 2010 11:50 PDT IIRC. I agree this is needed to prevent crashes with assistive technologies properly wanting to support the new table interfaces. Requesting blocking 1.9.2.
blocking1.9.2: --- → ?
Comment on attachment 478921 [details] [diff] [review] patch let's speed up review process :) all we need is to get blocking status for 2.0 and 1.9.2. This is really urgent to land on 1.9.2 because AT developer is going to disable new table interface usage on their side while this bug is not fixed. That would be a big step back.
Attachment #478921 - Flags: review?(bolterbugz) → review?(marco.zehe)
Comment on attachment 478921 [details] [diff] [review] patch Yep, this is correct. I remember having seen this kind of problem earlier in my C++ life. :) R=me. Do we have other places in the msaa codebase where this could bite us?
Attachment #478921 - Flags: review?(marco.zehe) → review+
Yes, but I didn't check it.
Approving blocking b7, there is urgency for this.
blocking2.0: ? → beta7+
Landed on Alexander's behalf on 2.0: http://hg.mozilla.org/mozilla-central/rev/530a551da062
Status: ASSIGNED → RESOLVED
Closed: 9 years ago
Resolution: --- → FIXED
Comment on attachment 478921 [details] [diff] [review] patch a=beltzner
Attachment #478921 - Flags: approval184.108.40.206? → approval220.127.116.11+
Landed on 1.9.2 on Alexander's behalf: http://hg.mozilla.org/releases/mozilla-1.9.2/rev/7cd8c155da8d
You need to log in before you can comment on or make changes to this bug.