Closed
Bug 605264
Opened 15 years ago
Closed 15 years ago
Crash [@ strcmp | nsHTMLMediaElement::Observe] with QI to nsIObserver
Categories
(Core :: Audio/Video, defect)
Tracking
VERIFIED
FIXED
mozilla2.0b12
| Tracking | Status | |
|---|---|---|
| blocking2.0 | --- | final+ |
People
(Reporter: jruderman, Assigned: khuey)
Details
(Keywords: crash, testcase, Whiteboard: [softblocker])
Attachments
(4 files)
nsresult nsHTMLMediaElement::Observe(nsISupports* aSubject,
                                     const char* aTopic, const PRUnichar* aData)
{
  if (strcmp(aTopic, NS_XPCOM_SHUTDOWN_OBSERVER_ID) == 0) {
aTopic is null.
Comment 1 • 15 years ago (Reporter)
Breakpad can't handle this crash :(
Comment 2 • 15 years ago (Assignee)
This is fixed by Bug 605271.
Updated • 15 years ago (Assignee)
Assignee: nobody → khuey
Comment 3 • 15 years ago (Reporter)
Comment 4 • 15 years ago (Reporter)
Comment 5 • 15 years ago (Reporter)
Nominating -- the incomplete stacks for this bug force me to over-ignore when fuzzing, and this won't be fixed by bug 605271 in time for Firefox 4.
blocking2.0: --- → ?
blocking2.0: ? → final+
Whiteboard: [softblocker]
Comment 6 • 15 years ago (Assignee)
Comment 7 • 15 years ago (Assignee)
Comment on attachment 503030
Stop script from calling nsHTMLMediaElement::Observe.
This is ugly, but it gets the job done. Is getting XPConnect at xpcom-shutdown safe? I doubt we have test code in the tree to exercise this at xpcom-shutdown.
Attachment #503030 - Flags: review?(jst)
Comment 8 • 15 years ago
Comment on attachment 503030
Stop script from calling nsHTMLMediaElement::Observe.
- In nsHTMLMediaElement::Observe():
+ // Since this is exposed to (malicious) JS, verify that we aren't being
+ // called from script. We only have to worry about being called directly,
+ // so this is safe.
+ nsAXPCNativeCallContext* ncc = nsnull;
+ nsContentUtils::XPConnect()->GetCurrentNativeCallContext(&ncc);
+ if (ncc)
+ return NS_ERROR_FAILURE;
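Review bot: the guard added to Observe() ignores the nsresult returned by GetCurrentNativeCallContext(&ncc) and calls through nsContentUtils::XPConnect() with no null check, so if XPConnect is unavailable or the lookup fails at xpcom-shutdown (the case raised in comment 7), the code either dereferences a bad pointer or leaves ncc as nsnull and treats the caller as native. Check the return value and fail closed when the caller cannot be determined. The crashing line is strcmp(aTopic, ...) with a null aTopic, and nothing in this hunk checks aTopic itself, so consider also returning early when aTopic is null so that a non-script caller cannot reach the same strcmp. The single-statement if (ncc) would also be easier to keep correct with braces.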
How about doing what nsImageLoadingContent does in cases like this, which is to call nsContentUtils::IsCallerChrome(), which I believe is shutdown safe. I suspect your version is as well, but I can't say with 100% certainty.
r=jst with that.
Attachment #503030 - Flags: review?(jst) → review+
Comment 9 • 15 years ago (Assignee)
Made changes suggested by jst and pushed.
http://hg.mozilla.org/mozilla-central/rev/652d012f9dc8
Status: NEW → RESOLVED
Closed: 15 years ago
Flags: in-testsuite+
OS: Mac OS X → All
Hardware: x86 → All
Resolution: --- → FIXED
Target Milestone: --- → mozilla2.0b12
Updated • 14 years ago
Crash Signature: [@ strcmp | nsHTMLMediaElement::Observe]