Closed Bug 842721 Opened 11 years ago Closed 11 years ago

Crash with addEventListener and DOMMediaStream

Categories

(Core :: DOM: Core & HTML, defect)

Product:
Core
Component:
DOM: Core & HTML
Version:
21 Branch
Platform:
x86_64
Windows 7
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

()

Status:
RESOLVED DUPLICATE of bug 842089

People

(Reporter: nils, Unassigned)

Details

(Whiteboard: [sg:dupe 842089])

Attachments

(1 file)

testcase (crashes firefox)
258 bytes, text/plain
Details 
The attached testcase crashes Firefox nightly. Also confirmed on 22 branch
Stack trace on windows (attempting to execute unmapped memory):


0:000:x86> r
eax=0c265ee0 ebx=70b7876c ecx=02871c00 edx=80000010 esi=00aed27c edi=0e5b2670
eip=80000010 esp=00aed218 ebp=00aed230 iopl=0         nv up ei pl nz na po nc
cs=0023  ss=002b  ds=002b  es=002b  fs=0053  gs=002b             efl=00210202
80000010 ??              ???


0x80000010
xul!nsRefPtr<nsIDOMEventListener>::~nsRefPtr<nsIDOMEventListener>+0xe
xul!mozilla::DOMMediaStream::~DOMMediaStream+0x25
xul!mozilla::DOMMediaStream::`scalar deleting destructor'+0xb
xul!mozilla::dom::EventTargetBinding::addEventListener+0x1d2
xul!mozilla::dom::EventTargetBinding::genericMethod+0x8b
mozjs!js::InvokeKernel+0xce
mozjs!js::Interpret+0x804
mozjs!js::RunScript+0xac
mozjs!js::InvokeKernel+0x367
mozjs!js::Invoke+0x143
mozjs!JS_CallFunctionValue+0x13d
xul!mozilla::dom::EventHandlerNonNull::Call+0x125
xul!mozilla::dom::EventHandlerNonNull::Call<nsISupports *>+0xa4
xul!nsJSEventListener::HandleEvent+0xa8
xul!nsEventListenerManager::HandleEventInternal+0x1c2
xul!nsEventTargetChainItem::HandleEventTargetChain+0x1ec
xul!nsEventDispatcher::Dispatch+0x51e
xul!nsDocumentViewer::LoadComplete+0x17f
xul!nsDocShell::EndPageLoad+0x223
xul!nsDocShell::OnStateChange+0xf2
xul!nsDocLoader::DoFireOnStateChange+0xbf
xul!nsDocLoader::doStopDocumentLoad+0x51
xul!nsDocLoader::DocLoaderIsEmpty+0x5bd8c4
xul!nsDocLoader::OnStopRequest+0xde
xul!nsLoadGroup::RemoveRequest+0xf5
xul!nsDocument::DoUnblockOnload+0x5b
xul!nsDocument::UnblockOnload+0x69
xul!nsDocument::DispatchContentLoadedEvents+0x337
xul!nsRunnableMethodImpl<void (__thiscall nsDocument::*)(void),1>::Run+0x29
xul!nsThread::ProcessNextEvent+0x275
xul!NS_ProcessNextEvent_P+0x2d
xul!mozilla::ipc::MessagePump::Run+0x46
xul!MessageLoop::RunHandler+0x51
xul!MessageLoop::Run+0x19
xul!nsBaseAppShell::Run+0x2e
xul!nsAppShell::Run+0x16
xul!nsAppStartup::Run+0x20
xul!XREMain::XRE_mainRun+0x37a
xul!XREMain::XRE_main+0xdf
xul!XRE_main+0x4e
firefox!do_main+0x686
firefox!wmain+0x83b
firefox!__tmainCRTStartup+0x122
KERNEL32!BaseThreadInitThunk+0xe
ntdll_778a0000!__RtlUserThreadStart+0x72
ntdll_778a0000!_RtlUserThreadStart+0x1b
Status: NEW → RESOLVED
Closed: 11 years ago
Resolution: --- → DUPLICATE
Group: core-security
Flags: sec-bounty-
Whiteboard: [sg:dupe 842089]
Component: DOM → DOM: Core & HTML
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: