Closed
Bug 942979
Opened 11 years ago
Closed 11 years ago
Crash in nsContentUtils::GetCommonAncestor
Categories
(Core :: DOM: Core & HTML, defect)
Tracking
()
RESOLVED
FIXED
mozilla28
People
(Reporter: vulnerable.zappa, Assigned: mz_mhs-ctb)
Details
Attachments
(2 files, 3 obsolete files)
1.00 KB,
text/html
|
Details | |
2.83 KB,
patch
|
Details | Diff | Splinter Review |
User Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/30.0.1599.101 Safari/537.36 OPR/17.0.1241.53 Steps to reproduce: run repro.html Actual results: Firefox crash Expected results: Nothing
Confirmed locally.
Assignee: nobody → mz_mhs-ctb
Status: UNCONFIRMED → ASSIGNED
Ever confirmed: true
Summary: nsDocument::mSubtreeModifiedTargets crash → Crash in nsContentUtils::GetCommonAncestor
Attachment #8339661 -
Flags: review?(bzbarsky)
Comment 3•11 years ago
|
||
Comment on attachment 8339661 [details] [diff] [review] Patch Why is mSubtreeModifiedTargets[i] null, exactly?
Comment 4•11 years ago
|
||
That is, the real bug is whatever allows a null to end up in there; there should be no null values in that array.
Attachment #8339661 -
Flags: review?(bzbarsky)
Attachment #8339661 -
Attachment is obsolete: true
Attachment #8340541 -
Flags: review?(bzbarsky)
Comment 6•11 years ago
|
||
Comment on attachment 8340541 [details] [diff] [review] Patch v2 Yes, thank you. This makes a lot more sense. Maybe add a comment about how parentNode can be null if an earlier mutation event removed the node? r=me
Attachment #8340541 -
Flags: review?(bzbarsky) → review+
Updated•11 years ago
|
Component: Untriaged → DOM
Product: Firefox → Core
Comment 7•11 years ago
|
||
And add the test? :)
Attachment #8340541 -
Attachment is obsolete: true
Comment on attachment 8340678 [details] [diff] [review] Patch with test. Carrying r+ from bzbarsky.
Attachment #8340678 -
Flags: review+
Keywords: checkin-needed
Assignee | ||
Comment 10•11 years ago
|
||
Attachment #8340678 -
Attachment is obsolete: true
Assignee | ||
Comment 11•11 years ago
|
||
Sorry about that, forgot the comment.
Comment 12•11 years ago
|
||
https://hg.mozilla.org/integration/mozilla-inbound/rev/bfa858a90cb0
Flags: in-testsuite+
Keywords: checkin-needed
Comment 13•11 years ago
|
||
https://hg.mozilla.org/mozilla-central/rev/bfa858a90cb0
Status: ASSIGNED → RESOLVED
Closed: 11 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla28
Updated•5 years ago
|
Component: DOM → DOM: Core & HTML
You need to log in
before you can comment on or make changes to this bug.
Description
•