Bug 650501 - Crash [@ nsScriptElement::MaybeProcessScript] with several innerHTML sets
Status: RESOLVED FIXED
Keywords: crash, testcase
Product: Core
Classification: Components
Component: DOM
Version: Trunk
Platform: All All
Importance: -- critical
Target Milestone: mozilla6
Assigned To: Henri Sivonen (:hsivonen) (Not reading bugmail or doing reviews until 2016-10-03)
Blocks: 343943
Reported: 2011-04-16 08:20 PDT by Jesse Ruderman
Modified: 2011-06-09 14:58 PDT


Attachments
testcase (crashes Firefox when loaded) (371 bytes, application/xhtml+xml)
2011-04-16 08:20 PDT, Jesse Ruderman
no flags
stack trace (mac debug) (12.00 KB, text/plain)
2011-04-16 08:26 PDT, Jesse Ruderman
no flags
Add a null check (2.65 KB, patch)
2011-04-18 06:06 PDT, Henri Sivonen (:hsivonen) (Not reading bugmail or doing reviews until 2016-10-03)
bugs: review+
jst: approval‑mozilla‑aurora+

Description Jesse Ruderman 2011-04-16 08:20:55 PDT
Created attachment 526495
testcase (crashes Firefox when loaded)

Crash [@ nsScriptElement::MaybeProcessScript]

The code that's crashing was added in bug 592366:
http://hg.mozilla.org/mozilla-central/annotate/b140e7746652/content/base/src/nsScriptElement.cpp#l172
Comment 1 Jesse Ruderman 2011-04-16 08:26:22 PDT
Created attachment 526496
stack trace (mac debug)
Comment 2 Jesse Ruderman 2011-04-16 08:26:40 PDT
bp-435d5c20-3595-4ba7-8064-227502110416
Comment 3 Henri Sivonen (:hsivonen) (Not reading bugmail or doing reviews until 2016-10-03) 2011-04-16 09:54:06 PDT
Needs more null checking.
Comment 4 Henri Sivonen (:hsivonen) (Not reading bugmail or doing reviews until 2016-10-03) 2011-04-18 06:06:11 PDT
Created attachment 526706
Add a null check

This code was written with HTML in mind. Yay for XML code paths. :-(

That we come to this branch at all is bogus. Will fix properly in bug 563322.
Comment 5 Henri Sivonen (:hsivonen) (Not reading bugmail or doing reviews until 2016-10-03) 2011-04-19 00:25:59 PDT
http://hg.mozilla.org/mozilla-central/rev/2648367a59f0
Comment 6 Henri Sivonen (:hsivonen) (Not reading bugmail or doing reviews until 2016-10-03) 2011-04-19 00:27:56 PDT
Comment on attachment 526706
Add a null check

This is a stability fix that simply adds a null check. Seems to fit the Aurora criteria, so nominating.
Comment 7 Henri Sivonen (:hsivonen) (Not reading bugmail or doing reviews until 2016-10-03) 2011-04-20 01:50:31 PDT
http://hg.mozilla.org/mozilla-aurora/rev/759590bbd0c9