Closed
Bug 697643
Opened 14 years ago
Closed 14 years ago
Crash [@ JS_IsExceptionPending] modifying a live NodeList
Categories
(Core :: DOM: Core & HTML, defect)
Tracking
()
RESOLVED
FIXED
mozilla10
| Tracking | Status | |
|---|---|---|
| firefox10 | - | --- |
People
(Reporter: jruderman, Assigned: peterv)
References
Details
(Keywords: crash, regression, testcase)
Crash Data
Attachments
(3 files)
No description provided.
|
Reporter | |
Comment 1•14 years ago
|
||
|
||
Comment 2•14 years ago
|
||
HTMLOptionsCollectionWrapper::setItemAt has:
return NS_SUCCEEDED(rv) ? true : Throw(nsnull, rv);
but Throw() does XPCThrower::Throw(rv, cx); which does JS_IsExceptionPending(cx) which dereferences cx.
Peter, can we just pass in a JSContext to setItemAt? The only caller seems to have a JSContext.
tracking-firefox10:
--- → ?
|
|
Reporter | |
Comment 3•14 years ago
|
||
|
|
||
Comment 4•14 years ago
|
||
That's what generates the code in question, yes.
|
Assignee | |
Comment 5•14 years ago
|
||
Assignee: nobody → peterv
Status: NEW → ASSIGNED
|
|
Assignee | |
Comment 6•14 years ago
|
||
Comment on attachment 570078 [details] [diff] [review]
v1
Ideally we'd throw when unwrapping, for that we should probably sprinkle more builtinclass around. But we need to deal correctly with errors from setItemAt anyway.
Attachment #570078 -
Flags: review?(bzbarsky)
|
|
||
Comment 7•14 years ago
|
||
Comment on attachment 570078 [details] [diff] [review]
v1
r=me
Attachment #570078 -
Flags: review?(bzbarsky) → review+
|
|
Assignee | |
Comment 8•14 years ago
|
||
Target Milestone: --- → mozilla10
|
|
||
Comment 9•14 years ago
|
||
Status: ASSIGNED → RESOLVED
Closed: 14 years ago
Resolution: --- → FIXED
|
|
||
Updated•13 years ago
|
|
||
Updated•6 years ago
|
Component: DOM → DOM: Core & HTML
You need to log in
before you can comment on or make changes to this bug.
Description
•