Closed Bug 601236 Opened 12 years ago Closed 12 years ago

"ASSERTION: This is unsafe! Fix the caller!" tweaking video.src through attribute nodes

Categories

(Core :: DOM: Core & HTML, defect)

x86
macOS
defect
Not set
normal

Tracking

()

RESOLVED FIXED

People

(Reporter: jruderman, Assigned: smaug)

Details

(Keywords: assertion, testcase)

Attachments

(3 files)

Attached file testcase
###!!! ASSERTION: This is unsafe! Fix the caller!: 'Error', 
file content/events/src/nsEventDispatcher.cpp, line 514
Attached file stack trace
Group: core-security
so, what should we do about this assertion?
Even if this bug isn't a security hole, I'd like it fixed quickly so I can check for other instances of this assertion that might be.
blocking2.0: --- → ?
Attached patch patchSplinter Review
Jonas, can you think of any reason why this wouldn't be ok in this case.
Attachment #481042 - Flags: review?(jonas)
So to clarify the patch, it just makes mozAutoDocUpdate to go out of
scope before SetValue()
So, a { } block was added.
Comment on attachment 481042 [details] [diff] [review]
patch

Mutation events and attribute nodes together. Can we add document.domain to the mix to get a trifecta of horror :(
Attachment #481042 - Flags: review?(jonas) → review+
Attachment #481042 - Flags: approval2.0?
Summary: "ASSERTION: This is unsafe! Fix the caller!" twaking video.src through attribute nodes → "ASSERTION: This is unsafe! Fix the caller!" tweaking video.src through attribute nodes
http://hg.mozilla.org/mozilla-central/rev/a6c31e83c5dd
Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → FIXED
Assignee: nobody → Olli.Pettay
This was fixed long ago. No need for blocking2.0?
blocking2.0: ? → ---
Group: core-security
Component: DOM → DOM: Core & HTML
You need to log in before you can comment on or make changes to this bug.