Closed
Bug 631440
Opened 14 years ago
Closed 14 years ago
Crash [@ nsDocShell::AddToSessionHistory] with pushState
Categories
(Core :: DOM: Navigation, defect)
Tracking
()
RESOLVED
FIXED
mozilla2.0b12
People
(Reporter: jruderman, Assigned: mossop)
Details
(Keywords: crash, testcase)
Crash Data
Attachments
(3 files)
|
201 bytes,
text/html
|
Details | |
|
37.93 KB,
text/plain
|
Details | |
|
4.11 KB,
patch
|
bzbarsky
:
review+
benjamin
:
approval2.0+
|
Details | Diff | Splinter Review |
Based on when I started seeing this bug, I suspect it's a regression from bug 602256.
Like in bug 630801, the pushState call has an effect despite throwing.
|
Reporter | |
Comment 1•14 years ago
|
||
|
Assignee | |
Comment 2•14 years ago
|
||
Silly question, how do I reproduce this? I loaded the testcase in a debug build and nothing happened except the popup blocker showed
|
|
Assignee | |
Comment 3•14 years ago
|
||
Guess I can see the problem though, attempting to pushstate before there is an initial history state will crash. Not sure what the behaviour should be there (probably throw an exception) but an easy fix is to just not clone in that case.
|
|
Assignee | |
Comment 4•14 years ago
|
||
Should have looked closer at the stack. The call to pushstate happens before the load state but does throw an exception, however before that it sets mLoadType to LOAD_PUSHSTATE. The subsequent load of the window then acts somewhat as if it was a pushState and so attempts to clone the history. Simple fix is to move setting mLoadType to after all the checks are performed and we actually start to mutate things. This might fix bug 630801 too, pushing to try now.
Assignee: nobody → dtownsend
Whiteboard: [has patch][waiting on try]
|
|
Reporter | |
Comment 5•14 years ago
|
||
This testcase requires popups to be enabled.
|
|
Assignee | |
Comment 6•14 years ago
|
||
This moves setting mLoadType to later and that alone is enough to resolve the crash. I also added a check on mOSHE to the specific code that changed for protection. The testcase successfully crashes without the fix applied and passes with.
Attachment #510306 -
Flags: review?(bzbarsky)
|
|
Assignee | |
Updated•14 years ago
|
Whiteboard: [has patch][waiting on try] → [has patch][needs review bz]
|
||
Comment 7•14 years ago
|
||
Comment on attachment 510306 [details] [diff] [review]
patch rev 1
r=me
Attachment #510306 -
Flags: review?(bzbarsky) → review+
|
|
Assignee | |
Updated•14 years ago
|
Attachment #510306 -
Flags: approval2.0?
|
|
Assignee | |
Updated•14 years ago
|
Whiteboard: [has patch][needs review bz] → [has patch][needs approval]
|
||
Updated•14 years ago
|
Attachment #510306 -
Flags: approval2.0? → approval2.0+
|
|
Assignee | |
Comment 8•14 years ago
|
||
Landed tis yesterday: http://hg.mozilla.org/mozilla-central/rev/33dc58befe48
Status: NEW → RESOLVED
Closed: 14 years ago
Flags: in-testsuite+
Flags: in-litmus-
Resolution: --- → FIXED
Target Milestone: --- → mozilla2.0b12
|
|
Assignee | |
Updated•14 years ago
|
Whiteboard: [has patch][needs approval]
|
||
Updated•13 years ago
|
Crash Signature: [@ nsDocShell::AddToSessionHistory]
You need to log in
before you can comment on or make changes to this bug.
Description
•