Closed
Bug 848895
Opened 10 years ago
Closed 10 years ago
Hold strong refs to editrules when calling into it, and always null-check the editor in editrules code
Categories
(Core :: DOM: Editor, defect)
Tracking
()
RESOLVED
FIXED
mozilla22
People
(Reporter: bzbarsky, Assigned: bzbarsky)
Details
(Keywords: sec-want, Whiteboard: [adv-main22-])
Attachments
(2 files, 1 obsolete file)
|
12.34 KB,
patch
|
ehsan.akhgari
:
review+
|
Details | Diff | Splinter Review |
|
221.71 KB,
patch
|
ehsan.akhgari
:
review+
|
Details | Diff | Splinter Review |
See bug 848644 for discussion.
|
Assignee | |
Comment 1•10 years ago
|
||
Attachment #722394 -
Flags: review?(ehsan)
|
|
Assignee | |
Comment 2•10 years ago
|
||
Up to about line 2878 of nsHTMLEditRules.cpp so far. Lots more to go
|
|
Assignee | |
Updated•10 years ago
|
Whiteboard: [need to finish up patch]
|
||
Comment 3•10 years ago
|
||
Marking sec-other because this is more of a preventative measure, as far as I understand.
|
||
Updated•10 years ago
|
Attachment #722394 -
Flags: review?(ehsan) → review+
|
|
Assignee | |
Comment 4•10 years ago
|
||
This may be the least reviewable patch I have ever written....
Attachment #725260 -
Flags: review?(ehsan)
|
|
Assignee | |
Updated•10 years ago
|
Attachment #722396 -
Attachment is obsolete: true
|
|
||
Comment 5•10 years ago
|
||
Comment on attachment 725260 [details] [diff] [review] part 2. Null-check the pointer to the editor that the edit rules hold. Review of attachment 725260 [details] [diff] [review]: ----------------------------------------------------------------- This patch makes me so sad. Thanks for writing it! ;-) ::: editor/libeditor/html/nsHTMLEditRules.cpp @@ +807,5 @@ > > int32_t offset, rootOffset; > nsCOMPtr<nsIDOMNode> parent = nsEditor::GetNodeLocation(rootElem, &rootOffset); > + NS_ENSURE_STATE(mHTMLEditor); > + res = mHTMLEditor->GetStartNodeAndOffset(selection, getter_AddRefs(parent), &offset); I assume you changed the indentation here by mistake. @@ +6056,5 @@ > for (i=listCount-1; i>=0; i--) > { > nsCOMPtr<nsIDOMNode> node = outArrayOfNodes[i]; > if (!aDontTouchContent && IsInlineNode(node) > + && Nit: please put this at the end of previous line.
Attachment #725260 -
Flags: review?(ehsan) → review+
|
|
Assignee | |
Comment 6•10 years ago
|
||
> I assume you changed the indentation here by mistake. Yes, copy/paste brought along some spaces. > Nit: please put this at the end of previous line. Done. https://hg.mozilla.org/integration/mozilla-inbound/rev/7437279a223d https://hg.mozilla.org/integration/mozilla-inbound/rev/4c2a4448bd09
Flags: in-testsuite-
Whiteboard: [need to finish up patch]
Target Milestone: --- → mozilla22
|
||
Comment 7•10 years ago
|
||
https://hg.mozilla.org/mozilla-central/rev/7437279a223d https://hg.mozilla.org/mozilla-central/rev/4c2a4448bd09
Status: NEW → RESOLVED
Closed: 10 years ago
Resolution: --- → FIXED
|
||
Updated•10 years ago
|
status-b2g18:
--- → wontfix
status-firefox21:
--- → wontfix
status-firefox22:
--- → fixed
status-firefox23:
--- → fixed
status-firefox-esr17:
--- → wontfix
Keywords: sec-other
|
||
Updated•10 years ago
|
Whiteboard: [adv-main22-]
|
|
||
Updated•8 years ago
|
Group: core-security
You need to log in
before you can comment on or make changes to this bug.
Description
•