Closed
Bug 769464
Opened 13 years ago
Closed 13 years ago
getComputedStyle(worker) crashes
Categories
(Core :: XPConnect, defect)
Tracking
()
VERIFIED
FIXED
mozilla17
| Tracking | Status | |
|---|---|---|
| firefox13 | --- | unaffected |
| firefox14 | --- | unaffected |
| firefox15 | --- | unaffected |
| firefox16 | + | verified |
| firefox17 | --- | verified |
| firefox-esr10 | --- | unaffected |
People
(Reporter: jruderman, Assigned: peterv)
References
Details
(4 keywords, Whiteboard: [advisory-tracking-])
Crash Data
Attachments
(3 files)
|
155 bytes,
text/html
|
Details | |
|
4.26 KB,
text/plain
|
Details | |
|
2.81 KB,
patch
|
bzbarsky
:
review+
akeybl
:
approval-mozilla-aurora+
|
Details | Diff | Splinter Review |
No description provided.
|
Reporter | |
Comment 1•13 years ago
|
||
|
|
Reporter | |
Comment 2•13 years ago
|
||
|
||
Comment 3•13 years ago
|
||
Oops. castNative has:
if (dom::IsDOMClass(clasp)) {
native = dom::UnwrapDOMObject<nsISupports>(cur);
entries = nsnull;
which is bogus: it needs to make sure that the native is isupports!
Peter, do you want to patch, or should I? I seem to recall you having some helpers for checking the isupports thing around....
Group: core-security
|
|
||
Updated•13 years ago
|
status-firefox-esr10:
--- → unaffected
status-firefox13:
--- → unaffected
status-firefox14:
--- → unaffected
status-firefox15:
--- → unaffected
|
||
Updated•13 years ago
|
tracking-firefox16:
--- → +
|
||
Updated•13 years ago
|
Blocks: 760131
status-firefox16:
--- → affected
No longer depends on: 760131
Keywords: regression,
sec-critical
|
Assignee | |
Updated•13 years ago
|
Assignee: nobody → peterv
Status: NEW → ASSIGNED
|
|
Assignee | |
Comment 5•13 years ago
|
||
Attachment #641566 -
Flags: review?(bzbarsky)
|
|
||
Comment 6•13 years ago
|
||
Comment on attachment 641566 [details] [diff] [review]
v1
r=me. First binding crashtest. *sniff*
Attachment #641566 -
Flags: review?(bzbarsky) → review+
|
|
Assignee | |
Comment 7•13 years ago
|
||
Target Milestone: --- → mozilla17
|
|
Assignee | |
Comment 8•13 years ago
|
||
Comment on attachment 641566 [details] [diff] [review]
v1
[Approval Request Comment]
Bug caused by (feature/regressing bug #): bug 760131
User impact if declined: crashes
Testing completed (on m-c, etc.): landed on mozilla-inbound, has crashtest
Risk to taking this patch (and alternatives if risky): low risk
String or UUID changes made by this patch: none
Attachment #641566 -
Flags: approval-mozilla-aurora?
|
||
Comment 9•13 years ago
|
||
This is asserting on OS X roughly half the time. Backed out since otherwise we would have to delay the inbound merge even longer today:
https://tbpl.mozilla.org/php/getParsedLog.php?id=13576427&tree=Mozilla-Inbound
https://tbpl.mozilla.org/php/getParsedLog.php?id=13577693&tree=Mozilla-Inbound
https://hg.mozilla.org/integration/mozilla-inbound/rev/50448898a28f
Target Milestone: mozilla17 → ---
|
|
Assignee | |
Comment 10•13 years ago
|
||
|
|
Assignee | |
Updated•13 years ago
|
Target Milestone: --- → mozilla17
|
|
||
Comment 11•13 years ago
|
||
Status: ASSIGNED → RESOLVED
Closed: 13 years ago
status-firefox17:
--- → fixed
Resolution: --- → FIXED
|
||
Comment 12•13 years ago
|
||
Comment on attachment 641566 [details] [diff] [review]
v1
[Triage Comment]
Low-risk, sg:crit fix for a regression in FF16. Approved for Aurora 16.
Attachment #641566 -
Flags: approval-mozilla-aurora? → approval-mozilla-aurora+
|
|
Assignee | |
Comment 13•13 years ago
|
||
|
||
Updated•12 years ago
|
Whiteboard: [advisory-tracking-]
|
||
Comment 14•12 years ago
|
||
Confirmed crash on build 2012-6-28, nightly
Verified fixed on build 2012-9-30, release
Verified fixed on build 2012-11-13, 17.0b6
|
|
||
Updated•12 years ago
|
Group: core-security
You need to log in
before you can comment on or make changes to this bug.
Description
•