Closed Bug 697643 Opened 13 years ago Closed 13 years ago

Crash [@ JS_IsExceptionPending] modifying a live NodeList

Categories

(Core :: DOM: Core & HTML, defect)

Product:
Core
Component:
DOM: Core & HTML
Platform:
x86_64
macOS
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

()

Status:
RESOLVED FIXED
Milestone:
mozilla10
Tracking Flags:
Tracking Status
firefox10 - ---

People

(Reporter: jruderman, Assigned: peterv)

References

Details

(Keywords: crash, regression, testcase)

Crash Data

Attachments

(3 files)

testcase (crashes Firefox when loaded)
105 bytes, text/html
Details
stack trace (debug)
8.74 KB, text/plain
Details
v1
6.85 KB, patch
bzbarsky
: review+
Details | Diff | Splinter Review 
      No description provided.
HTMLOptionsCollectionWrapper::setItemAt has:

  return NS_SUCCEEDED(rv) ? true : Throw(nsnull, rv);

but Throw() does XPCThrower::Throw(rv, cx); which does JS_IsExceptionPending(cx) which dereferences cx.

Peter, can we just pass in a JSContext to setItemAt?  The only caller seems to have a JSContext.
tracking-firefox10: --- → ?
That's what generates the code in question, yes.
Attached patch v1Splinter Review 
Assignee: nobody → peterv
Status: NEW → ASSIGNED

    
    

    
  
Comment on attachment 570078 [details] [diff] [review]
v1

Ideally we'd throw when unwrapping, for that we should probably sprinkle more builtinclass around. But we need to deal correctly with errors from setItemAt anyway.

        Attachment #570078 -
        Flags: review?(bzbarsky)

    
    

    
  
Comment on attachment 570078 [details] [diff] [review]
v1

r=me

        Attachment #570078 -
        Flags: review?(bzbarsky) → review+

    
    

    
  
https://hg.mozilla.org/mozilla-central/rev/7ab4f0ac68dd
Status: ASSIGNED → RESOLVED
Closed: 13 years ago
Resolution: --- → FIXED
Component: DOM → DOM: Core & HTML

          You need to log in
          before you can comment on or make changes to this bug.
        






  

    
  







  

    

      
Attachment

      

      
      
      
      
    

    

      

        

          

            
General

            

              Creator: 



            

            
Created: 

            
Updated: 

            
Size: