[@ SVGAnimatedLengthList::SetBaseValueString][@ SVGAnimatedNumberList::SetBaseValueString] using domWrapper forgetting it might be null

RESOLVED FIXED

critical
8 years ago
a month ago

People

(Reporter: timeless, Assigned: timeless)

Tracking

(Blocks: 1 bug, {coverity, crash})

Trunk
coverity, crash
Firefox Tracking Flags

(Not tracked)

Attachments

(1 attachment, 1 obsolete attachment)

1.42 KB, patch
timeless
: review+
(Assignee)

Description

8 years ago
SVGAnimatedLengthList::SetBaseValueString(const nsAString& aValue)
  // ...
  DOMSVGAnimatedLengthList *domWrapper =
    DOMSVGAnimatedLengthList::GetDOMWrapperIfExists(this);
  if (domWrapper) {
    // ...
    domWrapper->InternalBaseValListWillChangeTo(newBaseValue);
  // ...
  rv = mBaseVal.CopyFrom(newBaseValue);
  if (NS_FAILED(rv)) {
    // ...
    // domWrapper is used here without the null check applied above
    domWrapper->InternalBaseValListWillChangeTo(mBaseVal);
(Assignee)

Comment 1

8 years ago
Created attachment 498583 [details] [diff] [review]
patch
Assignee: nobody → timeless
Status: NEW → ASSIGNED
Attachment #498583 - Flags: review?(dholbert)
Attachment #498583 - Flags: approval2.0?
The same problem exists in SVGAnimatedNumberList, if you care to fix it there too.
Comment on attachment 498583 [details] [diff] [review]
patch

r=dholbert, but if it's not too much trouble, please also fix SVGAnimatedNumberList in the same push (or same patch even), as jwatt suggests.

(Many aspects of these files are in sync, so it's nice to fix both places simultaneously when a bug exists in both.)

(I also glanced at SVGAnimatedPointList.cpp and SVGAnimatedPathSegList.cpp, but it looks like they don't need this.)
Attachment #498583 - Flags: review?(dholbert) → review+
(Assignee)

Updated

8 years ago
Summary: [@ SVGAnimatedLengthList::SetBaseValueString] uses domWrapper forgetting it might be null → [@ SVGAnimatedLengthList::SetBaseValueString][@ SVGAnimatedNumberList::SetBaseValueString] using domWrapper forgetting it might be null
(Assignee)

Comment 4

8 years ago
Created attachment 498705 [details] [diff] [review]
handle both
Attachment #498583 - Attachment is obsolete: true
Attachment #498705 - Flags: review+
Attachment #498705 - Flags: approval2.0?
Attachment #498583 - Flags: approval2.0?
http://hg.mozilla.org/mozilla-central/rev/37290bda896d
Status: ASSIGNED → RESOLVED
Last Resolved: 8 years ago
Resolution: --- → FIXED
Blocks: 589439
Crash Signature: [@ SVGAnimatedLengthList::SetBaseValueString] [@ SVGAnimatedNumberList::SetBaseValueString]
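
The pattern reported in this bug, as an added C++ example (not Mozilla code and not the attached patch, which this page does not show). `Wrapper`, `AnimatedList`, `mWrapper` and `mFailCopy` are hypothetical stand-ins, and the fix shape, a second null check on the copy-failure path, is an assumption.

```cpp
#include <sstream>
#include <string>
#include <vector>

// Hypothetical stand-in for DOMSVGAnimatedLengthList (the DOM wrapper).
struct Wrapper {
  std::size_t syncedLength = 0;
  void InternalBaseValListWillChangeTo(const std::vector<float>& aList) {
    syncedLength = aList.size();
  }
};

// Hypothetical stand-in for SVGAnimatedLengthList.
struct AnimatedList {
  std::vector<float> mBaseVal;
  Wrapper* mWrapper = nullptr;  // stays null until a DOM wrapper is created
  bool mFailCopy = false;       // constructed hook: makes CopyFrom() fail

  Wrapper* GetDOMWrapperIfExists() { return mWrapper; }

  bool CopyFrom(const std::vector<float>& aSrc) {
    if (mFailCopy) return false;
    mBaseVal = aSrc;
    return true;
  }

  // Returns false if the copy fails. domWrapper is checked at both uses.
  bool SetBaseValueString(const std::string& aValue) {
    std::vector<float> newBaseValue;
    std::istringstream in(aValue);
    for (float f; in >> f;) newBaseValue.push_back(f);

    Wrapper* domWrapper = GetDOMWrapperIfExists();
    if (domWrapper) {
      domWrapper->InternalBaseValListWillChangeTo(newBaseValue);
    }
    if (!CopyFrom(newBaseValue)) {
      // Rollback path: resync the wrapper to the old list, but only if
      // one exists. The excerpt in the description has no check here.
      if (domWrapper) {
        domWrapper->InternalBaseValListWillChangeTo(mBaseVal);
      }
      return false;
    }
    return true;
  }
};

int main() { AnimatedList l; l.mFailCopy = true; return l.SetBaseValueString("1 2") ? 1 : 0; }
```

The case that matters is the combination of no wrapper and a failing copy: neither condition alone reaches the unguarded dereference, which is why a static analyzer finds this class of bug more readily than ordinary testing.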