The default bug view has changed. See this FAQ.

Crash [@ nsScriptElement::MaybeProcessScript] with several innerHTML sets

RESOLVED FIXED in Firefox 5

Status

()

Core
DOM
--
critical
RESOLVED FIXED
6 years ago
6 years ago

People

(Reporter: Jesse Ruderman, Assigned: hsivonen)

Tracking

(Blocks: 1 bug, {crash, testcase})

Trunk
mozilla6
crash, testcase
Points:
---

Firefox Tracking Flags

(firefox5 fixed)

Details

(crash signature)

Attachments

(3 attachments)

(Reporter)

Description

6 years ago
Created attachment 526495 [details]
testcase (crashes Firefox when loaded)

Crash [@ nsScriptElement::MaybeProcessScript]

The code that's crashing was added in bug 592366:
http://hg.mozilla.org/mozilla-central/annotate/b140e7746652/content/base/src/nsScriptElement.cpp#l172
(Reporter)

Comment 1

6 years ago
Created attachment 526496 [details]
stack trace (mac debug)
(Reporter)

Comment 2

6 years ago
bp-435d5c20-3595-4ba7-8064-227502110416
(Assignee)

Comment 3

6 years ago
Needs more null checking.
Assignee: nobody → hsivonen
Status: NEW → ASSIGNED
(Assignee)

Comment 4

6 years ago
Created attachment 526706 [details] [diff] [review]
Add a null check

This code was written with HTML in mind. Yay for XML code paths. :-(

That we come to this branch at all is bogus. Will fix properly in bug 563322.
Attachment #526706 - Flags: review?(Olli.Pettay)
Attachment #526706 - Flags: review?(Olli.Pettay) → review+
(Assignee)

Comment 5

6 years ago
http://hg.mozilla.org/mozilla-central/rev/2648367a59f0
Status: ASSIGNED → RESOLVED
Last Resolved: 6 years ago
Resolution: --- → FIXED
(Assignee)

Comment 6

6 years ago
Comment on attachment 526706 [details] [diff] [review]
Add a null check

This is a stability fix that simply adds a null check. Seems to fit the Aurora criteria, so nominating.
Attachment #526706 - Flags: approval-mozilla-aurora?
(Assignee)

Updated

6 years ago
OS: Mac OS X → All
Hardware: x86 → All

Updated

6 years ago
Attachment #526706 - Flags: approval-mozilla-aurora? → approval-mozilla-aurora+
(Assignee)

Comment 7

6 years ago
http://hg.mozilla.org/mozilla-aurora/rev/759590bbd0c9
status-firefox5: --- → fixed
Target Milestone: --- → mozilla6
Crash Signature: [@ nsScriptElement::MaybeProcessScript]
You need to log in before you can comment on or make changes to this bug.