Closed
Bug 617637
Opened 14 years ago
Closed 14 years ago
nsTableFrame::PushChildren imagines it can pass null to [@ nsFrameList::RemoveFrame] violating its preconditions
Categories
(Core :: Layout: Tables, defect)
Core
Layout: Tables
Tracking
()
RESOLVED
FIXED
mozilla2.0b8
People
(Reporter: timeless, Assigned: timeless)
References
(Blocks 1 open bug)
Details
(Keywords: coverity, crash)
Crash Data
Attachments
(1 file)
763 bytes,
patch
|
bzbarsky
:
review+
bzbarsky
:
approval2.0+
|
Details | Diff | Splinter Review |
113 nsFrameList::RemoveFrame(nsIFrame* aFrame) 114 { 115 NS_PRECONDITION(aFrame, "null ptr"); 116 #ifdef DEBUG_FRAME_LIST 117 // ContainsFrame is O(N) 118 NS_PRECONDITION(ContainsFrame(aFrame), "wrong list"); 119 #endif 120 121 nsIFrame* nextFrame = aFrame->GetNextSibling(); 1946 nsTableFrame::PushChildren(const RowGroupArray& aRowGroups, 1947 PRInt32 aPushFrom) 1948 { 1949 NS_PRECONDITION(aPushFrom > 0, "pushing first child"); 1950 1951 // extract the frames from the array into a sibling list 1952 nsFrameList frames; 1953 PRUint32 childX; 1954 for (childX = aPushFrom; childX < aRowGroups.Length(); ++childX) { 1955 nsTableRowGroupFrame* rgFrame = aRowGroups[childX]; 1956 if (!rgFrame || !rgFrame->IsRepeatable()) { 1957 mFrames.RemoveFrame(rgFrame);
Comment 1•14 years ago
|
||
Luckily, we never actually have null there, afaik.
Summary: nsTableFrame::PushChildren will pass null to [@ nsFrameList::RemoveFrame] which doesn't want it → nsTableFrame::PushChildren imagines it can pass null to [@ nsFrameList::RemoveFrame] violating its preconditions
ok, i read the code and agree this shouldn't happen. my current mailbox also has no indication of a crash for this codepath.
Assignee: nobody → timeless
Status: NEW → ASSIGNED
Attachment #496389 -
Flags: review?(bzbarsky)
Attachment #496389 -
Flags: approval2.0?
Updated•14 years ago
|
Attachment #496389 -
Flags: review?(bzbarsky)
Attachment #496389 -
Flags: review+
Attachment #496389 -
Flags: approval2.0?
Attachment #496389 -
Flags: approval2.0+
Keywords: checkin-needed
Comment 3•14 years ago
|
||
http://hg.mozilla.org/mozilla-central/rev/2fc586fe3250
Status: ASSIGNED → RESOLVED
Closed: 14 years ago
Keywords: checkin-needed
OS: Mac OS X → All
Hardware: x86 → All
Resolution: --- → FIXED
Target Milestone: --- → mozilla2.0b8
Updated•13 years ago
|
Crash Signature: [@ nsFrameList::RemoveFrame]
Updated•6 years ago
|
Blocks: coverity-analysis
You need to log in
before you can comment on or make changes to this bug.
Description
•