Closed Bug 942979 Opened 6 years ago Closed 6 years ago
Crash in ns
Content Utils::Get Common Ancestor
User Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/30.0.1599.101 Safari/537.36 OPR/17.0.1241.53 Steps to reproduce: run repro.html Actual results: Firefox crash Expected results: Nothing
Assignee: nobody → mz_mhs-ctb
Status: UNCONFIRMED → ASSIGNED
Ever confirmed: true
Summary: nsDocument::mSubtreeModifiedTargets crash → Crash in nsContentUtils::GetCommonAncestor
Comment on attachment 8339661 [details] [diff] [review] Patch Why is mSubtreeModifiedTargets[i] null, exactly?
That is, the real bug is whatever allows a null to end up in there; there should be no null values in that array.
Comment on attachment 8340541 [details] [diff] [review] Patch v2 Yes, thank you. This makes a lot more sense. Maybe add a comment about how parentNode can be null if an earlier mutation event removed the node? r=me
Attachment #8340541 - Flags: review?(bzbarsky) → review+
Component: Untriaged → DOM
Product: Firefox → Core
And add the test? :)
Comment on attachment 8340678 [details] [diff] [review] Patch with test. Carrying r+ from bzbarsky.
Attachment #8340678 - Flags: review+
Sorry about that, forgot the comment.
Status: ASSIGNED → RESOLVED
Closed: 6 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla28
You need to log in before you can comment on or make changes to this bug.