Failure in GtkMozEmbedChrome::OpenStream can cause future gtk_moz_embed_append_data to crash.

RESOLVED FIXED in mozilla0.9.1

Status

RESOLVED FIXED
18 years ago
7 years ago

People

(Reporter: mfleming, Assigned: blizzard)

Tracking

({crash})

Trunk
mozilla0.9.1
x86
Linux
crash

Attachments

(1 attachment)

(Reporter)

Description

18 years ago
(I've seen this happen in nautilus)

1) Application calls gtk_moz_embed_open_stream
2) Failure occurs in GtkMozEmbedChrome::OpenStream after mDoingStream is set to
TRUE (in my case, the failure is in "docShell =
do_QueryInterface(contentItem);")
3) Subsequent call to gtk_moz_embed_append_data calls
GtkMozEmbedChrome::AppendToStream.
4) GtkMozEmbedChrome::mStreamListener is still uninitialized, so usage of that
in AppendToStream causes a crash.

Requested Fix:

1) GtkMozEmbedChrome::OpenStream should set mDoingStream to FALSE on failure
2) AppendToStream and CloseStream should return if mDoingStream is FALSE
3) gtk_moz_embed_open_stream should return an error code instead of void.

(I'll try to submit a patch in a bit)

Comment 1

18 years ago
Marking NEW...
Status: UNCONFIRMED → NEW
Ever confirmed: true
(Reporter)

Comment 2

18 years ago
Incidentally, it appears that this case can happen any time
gtk_moz_embed_open_stream is called prior to the control being realized.

Given that, perhaps some additional checking should be done there.
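
The requested fix from the description, together with the not-yet-realized case from Comment 2, sketched as an added example that is not part of the original bug report or of Mozilla's code. StreamChrome, Listener, Realize, LastDocument and the status codes are hypothetical stand-ins; the unrealized widget models the failed docShell lookup.

```cpp
#include <cstddef>
#include <memory>
#include <string>

// Hypothetical status codes; the real API returned void at the time of the report.
enum StreamStatus { STREAM_OK = 0, STREAM_ERR_NOT_REALIZED, STREAM_ERR_NOT_STREAMING };

struct Listener {                        // hypothetical stream sink
    std::string received;
    void OnData(const char *data, std::size_t len) { received.append(data, len); }
};

// Simplified stand-in for the embedding chrome object (not Mozilla's class).
class StreamChrome {
public:
    void Realize() { mRealized = true; } // models the widget being realized

    StreamStatus OpenStream() {
        mDoingStream = true;             // flag is set early, as in the report
        if (!mRealized) {                // models the failing docShell lookup
            mDoingStream = false;        // fix 1: clear the flag on failure
            return STREAM_ERR_NOT_REALIZED;  // fix 3: tell the caller it failed
        }
        mStreamListener.reset(new Listener());
        return STREAM_OK;
    }

    StreamStatus AppendToStream(const char *data, std::size_t len) {
        if (!mDoingStream || !mStreamListener)   // fix 2: no open stream, no deref
            return STREAM_ERR_NOT_STREAMING;
        mStreamListener->OnData(data, len);
        return STREAM_OK;
    }

    StreamStatus CloseStream() {
        if (!mDoingStream || !mStreamListener)   // fix 2 applies here too
            return STREAM_ERR_NOT_STREAMING;
        mLast = mStreamListener->received;       // keep what was streamed
        mStreamListener.reset();
        mDoingStream = false;
        return STREAM_OK;
    }

    const std::string &LastDocument() const { return mLast; }

private:
    bool mRealized = false;
    bool mDoingStream = false;
    std::unique_ptr<Listener> mStreamListener;   // null until OpenStream succeeds
    std::string mLast;
};
```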
(Assignee)

Comment 3

18 years ago
Yeah, I agree.
(Assignee)

Updated

18 years ago
Target Milestone: --- → mozilla0.9
(Assignee)

Updated

18 years ago
Target Milestone: mozilla0.9 → mozilla0.9.1

Updated

18 years ago
Keywords: crash

Comment 5

18 years ago
r=pavlov
(Assignee)

Comment 7

18 years ago
Checked in.
Status: NEW → RESOLVED
Last Resolved: 18 years ago
Resolution: --- → FIXED
Component: Embedding: GTK Widget → Embedding: GTK Widget
Product: Core → Core Graveyard