crash opening view source when MOZ_VALIDATE_HTML is set

VERIFIED FIXED

Status

()

--
critical
VERIFIED FIXED
18 years ago
18 years ago

People

(Reporter: bzbarsky, Assigned: bzbarsky)

Tracking

({crash})

Trunk
x86
Linux
crash
Points:
---

Firefox Tracking Flags

(Not tracked)

Details

Attachments

(2 attachments)

BUILD: 2001-04-17-08

STEPS TO REPRODUCE:
1)  "setenv MOZ_VALIDATE_HTML 1" or equivalent
2)  Run mozilla
3)  open view source and crash

Here's what's going on:

We are using the parser context passed to CViewSourceHTML::WillBuildModel to
initialize mValidator
(http://lxr.mozilla.org/seamonkey/source/htmlparser/src/nsViewSourceHTML.cpp#439):

mValidator=aParserContext.mValidator;

The parser context gets its value of mValidator in 
http://lxr.mozilla.org/seamonkey/source/htmlparser/src/nsParser.cpp#1048 

The value is set in GetSharedObjects(), which just creates and returns a new
CSharedParserObjects object.  The constructor for this object does not set
mOtherDTD to null, and that pointer eventually becomes mValidator in view source
and is dereferenced, causing a segmentation violation.  Attaching a patch that
properly sets the pointer to null in the constructor
Created attachment 31224 [details] [diff] [review]
patch to fix this
(Assignee)

Updated

18 years ago
Keywords: crash, patch, review
Created attachment 31265 [details] [diff] [review]
another patch, moving the initializations to a better place

Comment 3

18 years ago
r=timeless
Assignee: harishd → bzbarsky
Keywords: review → approval
The checkin for bug 69455 fixed this among other things.  The pointer is now
properly initialized in the constructor.  Marking fixed.
Status: NEW → RESOLVED
Last Resolved: 18 years ago
Resolution: --- → FIXED

Comment 5

18 years ago
Verified on:
build: 2001-05-21-11-Mtrunk
platform: WinNT

Marking it verified as per above developer comments.
Status: RESOLVED → VERIFIED
You need to log in before you can comment on or make changes to this bug.