Closed
Bug 76404
Opened 24 years ago
Closed 24 years ago
crash opening view source when MOZ_VALIDATE_HTML is set
Categories
(Core :: DOM: HTML Parser, defect)
Tracking
()
VERIFIED
FIXED
People
(Reporter: bzbarsky, Assigned: bzbarsky)
Details
(Keywords: crash)
Attachments
(2 files)
472 bytes,
patch
|
Details | Diff | Splinter Review | |
885 bytes,
patch
|
Details | Diff | Splinter Review |
BUILD: 2001-04-17-08
STEPS TO REPRODUCE:
1) "setenv MOZ_VALIDATE_HTML 1" or equivalent
2) Run mozilla
3) open view source and crash
Here's what's going on:
We are using the parser context passed to CViewSourceHTML::WillBuildModel to
initialize mValidator
(http://lxr.mozilla.org/seamonkey/source/htmlparser/src/nsViewSourceHTML.cpp#439):
mValidator=aParserContext.mValidator;
The parser context gets its value of mValidator in
http://lxr.mozilla.org/seamonkey/source/htmlparser/src/nsParser.cpp#1048
The value is set in GetSharedObjects(), which just creates and returns a new
CSharedParserObjects object. The constructor for this object does not set
mOtherDTD to null, and that pointer eventually becomes mValidator in view source
and is dereferenced, causing a segmentation violation. Attaching a patch that
properly sets the pointer to null in the constructor
![]() |
Assignee | |
Comment 1•24 years ago
|
||
![]() |
Assignee | |
Updated•24 years ago
|
![]() |
Assignee | |
Comment 2•24 years ago
|
||
![]() |
Assignee | |
Comment 4•24 years ago
|
||
The checkin for bug 69455 fixed this among other things. The pointer is now
properly initialized in the constructor. Marking fixed.
Status: NEW → RESOLVED
Closed: 24 years ago
Resolution: --- → FIXED
Verified on:
build: 2001-05-21-11-Mtrunk
platform: WinNT
Marking it verified as per above developer comments.
Status: RESOLVED → VERIFIED
You need to log in
before you can comment on or make changes to this bug.
Description
•