Closed Bug 98792 Opened 24 years ago Closed 24 years ago

misuse of nsIAppShellService::UnregisterTopLevelWindow [@ nsAppShellService::UnregisterTopLevelWindow]

Categories

(Core Graveyard :: Cmd-line Features, defect)

Product:
Core Graveyard
Component:
Cmd-line Features
Platform:
x86
All
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED FIXED
Milestone:
mozilla0.9.5

People

(Reporter: danm.moz, Assigned: danm.moz)

Details

(Keywords: crash, topcrash)

Crash Data

Attachments

(2 files)

fix null parameters to UnregisterTopLevelWindow
3.29 KB, patch
Details | Diff | Splinter Review
better fix for callers sending us a null parameter
3.12 KB, patch
ccarlen
: review+
alecf
: superreview+
Details | Diff | Splinter Review
I managed to insert a crasher bug by writing code that assumed I was being handed an actual window in nsAppShellService::UnregisterTopLevelWindow. It turns out there are two places in Mozilla code that are using the function for its side effect of quitting the app. This happened to work because I was foolish enough to to put a null check on Unregister...'s parameter.
Status: NEW → ASSIGNED
Target Milestone: --- → mozilla0.9.5
Dan, take a look at the code here: http://lxr.mozilla.org/mozilla/source/xpfe/bootstrap/nsNativeAppSupportWin.cpp#765 Looks like it uses GetMostRecentWindow() and if null, enables the menu so it can send a -kill command to itself. So, if -kill was invoked that way, we know the last window is closed. I guess the other possibility is somebody typing "mozilla -kill" on the command line. Just to keep things consistent, shouldn't we use GetMostRecentWindow() in the same way was the other place?
right you are. simpler patch attached below.
Comment on attachment 48647 [details] [diff] [review] better fix for callers sending us a null parameter r=ccarlen
Attachment #48647 - Flags: review+
Exiting from the turbo systray icon is broken because of the original change; I had a patch in 88844 but I see it's being handled here. As Conrad said, the menuitem will be disabled if there aren't any open windows, so I take it the added check is just for people calling -kill. Not sure who'd ever do that, but it can't hurt, so sr=blake. I'll be sad to see SOMEBODY_SET_UP_US_THE_NULL_POINTER go.
FYI: the uninstaller and the installer uses the -kill feature.
Comment on attachment 48647 [details] [diff] [review] better fix for callers sending us a null parameter sr=alecf
Attachment #48647 - Flags: superreview+
QA Contact: sairuh → jrgm
Patch is in. (oops! I forgot to blame Blake, too, in the review notes.) I already miss SOMEBODY_SET_UP_US_THE_NULL_POINTER.
Status: ASSIGNED → RESOLVED
Closed: 24 years ago
Resolution: --- → FIXED
Sorry for the spam guys: just adding keywords and summary changes so that talkback can show this one fixed.
Keywords: crash, topcrash
Summary: misuse of nsIAppShellService::UnregisterTopLevelWindow → misuse of nsIAppShellService::UnregisterTopLevelWindow [@ nsAppShellService::UnregisterTopLevelWindow]
Product: Core → Core Graveyard
QA Contact: jrgmorrison → cmd-line
Crash Signature: [@ nsAppShellService::UnregisterTopLevelWindow]
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: