Closed Bug 650501 Opened 9 years ago Closed 9 years ago

Crash [@ nsScriptElement::MaybeProcessScript] with several innerHTML sets

Categories

(Core :: DOM: Core & HTML, defect)

defect
Not set
critical

Tracking

()

RESOLVED FIXED
mozilla6
Tracking Status
firefox5 --- fixed

People

(Reporter: jruderman, Assigned: hsivonen)

References

(Blocks 1 open bug)

Details

(Keywords: crash, testcase)

Crash Data

Attachments

(3 files)

Crash [@ nsScriptElement::MaybeProcessScript]

The code that's crashing was added in bug 592366:
http://hg.mozilla.org/mozilla-central/annotate/b140e7746652/content/base/src/nsScriptElement.cpp#l172
Needs more null checking.
Assignee: nobody → hsivonen
Status: NEW → ASSIGNED
Attached patch Add a null checkSplinter Review
This code was written with HTML in mind. Yay for XML code paths. :-(

That we come to this branch at all is bogus. Will fix properly in bug 563322.
Attachment #526706 - Flags: review?(Olli.Pettay)
Attachment #526706 - Flags: review?(Olli.Pettay) → review+
http://hg.mozilla.org/mozilla-central/rev/2648367a59f0
Status: ASSIGNED → RESOLVED
Closed: 9 years ago
Resolution: --- → FIXED
Comment on attachment 526706 [details] [diff] [review]
Add a null check

This is a stability fix that simply adds a null check. Seems to fit the Aurora criteria, so nominating.
Attachment #526706 - Flags: approval-mozilla-aurora?
OS: Mac OS X → All
Hardware: x86 → All
Attachment #526706 - Flags: approval-mozilla-aurora? → approval-mozilla-aurora+
Crash Signature: [@ nsScriptElement::MaybeProcessScript]
Component: DOM → DOM: Core & HTML
You need to log in before you can comment on or make changes to this bug.