Closed
Bug 842721
Opened 10 years ago
Closed 10 years ago
Crash with addEventListener and DOMMediaStream
Categories
(Core :: DOM: Core & HTML, defect)
Tracking
()
RESOLVED
DUPLICATE
of bug 842089
People
(Reporter: nils, Unassigned)
Details
(Whiteboard: [sg:dupe 842089])
Attachments
(1 file)
|
258 bytes,
text/plain
|
Details |
The attached testcase crashes Firefox nightly. Also confirmed on 22 branch
Stack trace on windows (attempting to execute unmapped memory): 0:000:x86> r eax=0c265ee0 ebx=70b7876c ecx=02871c00 edx=80000010 esi=00aed27c edi=0e5b2670 eip=80000010 esp=00aed218 ebp=00aed230 iopl=0 nv up ei pl nz na po nc cs=0023 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00210202 80000010 ?? ??? 0x80000010 xul!nsRefPtr<nsIDOMEventListener>::~nsRefPtr<nsIDOMEventListener>+0xe xul!mozilla::DOMMediaStream::~DOMMediaStream+0x25 xul!mozilla::DOMMediaStream::`scalar deleting destructor'+0xb xul!mozilla::dom::EventTargetBinding::addEventListener+0x1d2 xul!mozilla::dom::EventTargetBinding::genericMethod+0x8b mozjs!js::InvokeKernel+0xce mozjs!js::Interpret+0x804 mozjs!js::RunScript+0xac mozjs!js::InvokeKernel+0x367 mozjs!js::Invoke+0x143 mozjs!JS_CallFunctionValue+0x13d xul!mozilla::dom::EventHandlerNonNull::Call+0x125 xul!mozilla::dom::EventHandlerNonNull::Call<nsISupports *>+0xa4 xul!nsJSEventListener::HandleEvent+0xa8 xul!nsEventListenerManager::HandleEventInternal+0x1c2 xul!nsEventTargetChainItem::HandleEventTargetChain+0x1ec xul!nsEventDispatcher::Dispatch+0x51e xul!nsDocumentViewer::LoadComplete+0x17f xul!nsDocShell::EndPageLoad+0x223 xul!nsDocShell::OnStateChange+0xf2 xul!nsDocLoader::DoFireOnStateChange+0xbf xul!nsDocLoader::doStopDocumentLoad+0x51 xul!nsDocLoader::DocLoaderIsEmpty+0x5bd8c4 xul!nsDocLoader::OnStopRequest+0xde xul!nsLoadGroup::RemoveRequest+0xf5 xul!nsDocument::DoUnblockOnload+0x5b xul!nsDocument::UnblockOnload+0x69 xul!nsDocument::DispatchContentLoadedEvents+0x337 xul!nsRunnableMethodImpl<void (__thiscall nsDocument::*)(void),1>::Run+0x29 xul!nsThread::ProcessNextEvent+0x275 xul!NS_ProcessNextEvent_P+0x2d xul!mozilla::ipc::MessagePump::Run+0x46 xul!MessageLoop::RunHandler+0x51 xul!MessageLoop::Run+0x19 xul!nsBaseAppShell::Run+0x2e xul!nsAppShell::Run+0x16 xul!nsAppStartup::Run+0x20 xul!XREMain::XRE_mainRun+0x37a xul!XREMain::XRE_main+0xdf xul!XRE_main+0x4e firefox!do_main+0x686 firefox!wmain+0x83b firefox!__tmainCRTStartup+0x122 KERNEL32!BaseThreadInitThunk+0xe ntdll_778a0000!__RtlUserThreadStart+0x72 ntdll_778a0000!_RtlUserThreadStart+0x1b
|
||
Updated•10 years ago
|
Status: NEW → RESOLVED
Closed: 10 years ago
Resolution: --- → DUPLICATE
|
||
Updated•10 years ago
|
Group: core-security
Flags: sec-bounty-
Whiteboard: [sg:dupe 842089]
|
Assignee | |
Updated•4 years ago
|
Component: DOM → DOM: Core & HTML
You need to log in
before you can comment on or make changes to this bug.
Description
•