Closed Bug 601422 Opened 14 years ago Closed 14 years ago

Crash [@ nsImageDocument::ShrinkToFit] in removed frame

Categories

(Core :: DOM: Core & HTML, defect)

defect
Not set
critical

Tracking

()

RESOLVED FIXED
mozilla2.0b7

People

(Reporter: jruderman, Assigned: MatsPalmgren_bugz)

Details

(Keywords: crash, testcase, Whiteboard: [sg:dos])

Crash Data

Attachments

(3 files, 1 obsolete file)

Attached file testcase (obsolete) —
mImageContent is null.
The other nsIImageDocument methods have the same problem.
Assignee: nobody → matspal
Attachment #480464 - Attachment is obsolete: true
OS: Mac OS X → All
Hardware: x86 → All
Whiteboard: [sg:dos]
Attached patch Patch rev. 1Splinter Review
Add null-check and silent return. Or should we return NS_ERROR_NOT_AVAILABLE perhaps?
Attachment #480510 - Flags: review?(Olli.Pettay)
Comment on attachment 480510 [details] [diff] [review] Patch rev. 1 > NS_IMETHODIMP > nsImageDocument::RestoreImageTo(PRInt32 aX, PRInt32 aY) > { >+ if (!mImageContent) { >+ return NS_OK; >+ } > return ScrollImageTo(aX, aY, PR_TRUE); > } This change shouldn't be needed, since ScrollImageTo calls RestoreImage which you make null safe. > NS_IMETHODIMP > nsImageDocument::ToggleImageSize() > { >+ if (!mImageContent) { >+ return NS_OK; >+ } > mShouldResize = PR_TRUE; > if (mImageIsResized) { > mShouldResize = PR_FALSE; > ResetZoomLevel(); > RestoreImage(); > } > else if (mImageIsOverflowing) { > ResetZoomLevel(); And I think this isn't needed either.
Attachment #480510 - Flags: review?(Olli.Pettay) → review+
Fair enough. I think the former is slightly more robust, but the testcase should catch a future change in ScrollImageTo, ToggleImageSize that would make them crash in this case.
Comment on attachment 480615 [details] [diff] [review] Patch rev. 2 (nits fixed) Trivial fix for a null-pointer crash.
Attachment #480615 - Flags: approval2.0?
Attachment #480615 - Flags: approval2.0? → approval2.0+
Status: NEW → RESOLVED
Closed: 14 years ago
Flags: in-testsuite+
Resolution: --- → FIXED
Target Milestone: --- → mozilla2.0b8
Target Milestone: mozilla2.0b8 → mozilla2.0b7
Crash Signature: [@ nsImageDocument::ShrinkToFit]
Component: DOM → DOM: Core & HTML
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: