Status
()
People
(Reporter: bzbarsky, Assigned: bzbarsky)
Tracking
({crash})
Firefox Tracking Flags
(Not tracked)
Details
Attachments
(2 attachments)
|
472 bytes,
patch
|
Details | Diff | Splinter Review | |
|
885 bytes,
patch
|
Details | Diff | Splinter Review |
BUILD: 2001-04-17-08 STEPS TO REPRODUCE: 1) "setenv MOZ_VALIDATE_HTML 1" or equivalent 2) Run mozilla 3) open view source and crash Here's what's going on: We are using the parser context passed to CViewSourceHTML::WillBuildModel to initialize mValidator (http://lxr.mozilla.org/seamonkey/source/htmlparser/src/nsViewSourceHTML.cpp#439): mValidator=aParserContext.mValidator; The parser context gets its value of mValidator in http://lxr.mozilla.org/seamonkey/source/htmlparser/src/nsParser.cpp#1048 The value is set in GetSharedObjects(), which just creates and returns a new CSharedParserObjects object. The constructor for this object does not set mOtherDTD to null, and that pointer eventually becomes mValidator in view source and is dereferenced, causing a segmentation violation. Attaching a patch that properly sets the pointer to null in the constructor
|
(Assignee) | |
Comment 1•18 years ago
|
||
Created attachment 31224 [details] [diff] [review] patch to fix this
|
|
(Assignee) | |
Updated•18 years ago
|
||
Keywords: crash, patch, review
|
|
(Assignee) | |
Comment 2•18 years ago
|
||
Created attachment 31265 [details] [diff] [review] another patch, moving the initializations to a better place
|
|
(Assignee) | |
Comment 4•18 years ago
|
||
The checkin for bug 69455 fixed this among other things. The pointer is now properly initialized in the constructor. Marking fixed.
Status: NEW → RESOLVED
Last Resolved: 18 years ago
Resolution: --- → FIXED
Verified on: build: 2001-05-21-11-Mtrunk platform: WinNT Marking it verified as per above developer comments.
Status: RESOLVED → VERIFIED
You need to log in
before you can comment on or make changes to this bug.
Description
•