Closed
Bug 769464
Opened 12 years ago
Closed 12 years ago
getComputedStyle(worker) crashes
Categories
(Core :: XPConnect, defect)
Tracking
()
VERIFIED
FIXED
mozilla17
| Tracking | Status | |
|---|---|---|
| firefox13 | --- | unaffected |
| firefox14 | --- | unaffected |
| firefox15 | --- | unaffected |
| firefox16 | + | verified |
| firefox17 | --- | verified |
| firefox-esr10 | --- | unaffected |
People
(Reporter: jruderman, Assigned: peterv)
References
Details
(4 keywords, Whiteboard: [advisory-tracking-])
Crash Data
Attachments
(3 files)
|
155 bytes,
text/html
|
Details | |
|
4.26 KB,
text/plain
|
Details | |
|
2.81 KB,
patch
|
bzbarsky
:
review+
akeybl
:
approval-mozilla-aurora+
|
Details | Diff | Splinter Review |
No description provided.
|
Reporter | |
Comment 1•12 years ago
|
||
|
|
Reporter | |
Comment 2•12 years ago
|
||
Nightly: bp-d87ff006-17f0-4e0e-95ac-b81122120628
|
||
Comment 3•12 years ago
|
||
Oops. castNative has:
if (dom::IsDOMClass(clasp)) {
native = dom::UnwrapDOMObject<nsISupports>(cur);
entries = nsnull;
which is bogus: it needs to make sure that the native is isupports!
Peter, do you want to patch, or should I? I seem to recall you having some helpers for checking the isupports thing around....Group: core-security
|
|
||
Updated•12 years ago
|
status-firefox-esr10:
--- → unaffected
status-firefox13:
--- → unaffected
status-firefox14:
--- → unaffected
status-firefox15:
--- → unaffected
|
||
Updated•12 years ago
|
tracking-firefox16:
--- → +
|
||
Updated•12 years ago
|
Blocks: 760131
status-firefox16:
--- → affected
No longer depends on: 760131
Keywords: regression,
sec-critical
|
Assignee | |
Updated•12 years ago
|
Assignee: nobody → peterv
Status: NEW → ASSIGNED
|
|
Assignee | |
Comment 5•12 years ago
|
||
Attachment #641566 -
Flags: review?(bzbarsky)
|
|
||
Comment 6•12 years ago
|
||
Comment on attachment 641566 [details] [diff] [review] v1 r=me. First binding crashtest. *sniff*
Attachment #641566 -
Flags: review?(bzbarsky) → review+
|
|
Assignee | |
Comment 7•12 years ago
|
||
https://hg.mozilla.org/integration/mozilla-inbound/rev/29104ecddc3a
Target Milestone: --- → mozilla17
|
|
Assignee | |
Comment 8•12 years ago
|
||
Comment on attachment 641566 [details] [diff] [review] v1 [Approval Request Comment] Bug caused by (feature/regressing bug #): bug 760131 User impact if declined: crashes Testing completed (on m-c, etc.): landed on mozilla-inbound, has crashtest Risk to taking this patch (and alternatives if risky): low risk String or UUID changes made by this patch: none
Attachment #641566 -
Flags: approval-mozilla-aurora?
|
||
Comment 9•12 years ago
|
||
This is asserting on OS X roughly half the time. Backed out since otherwise we would have to delay the inbound merge even longer today: https://tbpl.mozilla.org/php/getParsedLog.php?id=13576427&tree=Mozilla-Inbound https://tbpl.mozilla.org/php/getParsedLog.php?id=13577693&tree=Mozilla-Inbound https://hg.mozilla.org/integration/mozilla-inbound/rev/50448898a28f
Target Milestone: mozilla17 → ---
|
|
Assignee | |
Comment 10•12 years ago
|
||
https://hg.mozilla.org/integration/mozilla-inbound/rev/0030a8043e4a
|
|
Assignee | |
Updated•12 years ago
|
Target Milestone: --- → mozilla17
|
|
||
Comment 11•12 years ago
|
||
https://hg.mozilla.org/mozilla-central/rev/0030a8043e4a
Status: ASSIGNED → RESOLVED
Closed: 12 years ago
status-firefox17:
--- → fixed
Resolution: --- → FIXED
|
||
Comment 12•12 years ago
|
||
Comment on attachment 641566 [details] [diff] [review] v1 [Triage Comment] Low-risk, sg:crit fix for a regression in FF16. Approved for Aurora 16.
Attachment #641566 -
Flags: approval-mozilla-aurora? → approval-mozilla-aurora+
|
|
Assignee | |
Comment 13•12 years ago
|
||
https://hg.mozilla.org/releases/mozilla-aurora/rev/943b896fc721
|
||
Updated•12 years ago
|
Whiteboard: [advisory-tracking-]
|
||
Comment 14•12 years ago
|
||
Confirmed crash on build 2012-6-28, nightly Verified fixed on build 2012-9-30, release Verified fixed on build 2012-11-13, 17.0b6
|
|
||
Updated•11 years ago
|
Group: core-security
You need to log in
before you can comment on or make changes to this bug.
Description
•