Closed
Bug 639733
Opened 14 years ago
Closed 13 years ago
Crash [@ nsIsIndexFrame::RestoreState]
Categories
(Core :: Layout, defect)
Core
Layout
Tracking
()
RESOLVED
FIXED
mozilla5
Tracking | Status | |
---|---|---|
status2.0 | --- | ? |
People
(Reporter: jruderman, Assigned: MatsPalmgren_bugz)
References
Details
(Keywords: crash, testcase, Whiteboard: [sg:dos])
Crash Data
Attachments
(4 files)
(deleted),
application/xhtml+xml
|
Details | |
(deleted),
text/plain
|
Details | |
(deleted),
patch
|
bzbarsky
:
review+
dveditz
:
approval2.0-
|
Details | Diff | Splinter Review |
(deleted),
patch
|
Details | Diff | Splinter Review |
No description provided.
Reporter | ||
Comment 1•14 years ago
|
||
Assignee | ||
Comment 2•13 years ago
|
||
Null-pointer crash trying to restore a saved <embed> state on a <isindex>. Tracing frame state save/restore leading up to the crash: No state to save for HTMLScroll(html)(-1)@0x7fffe1b57448 No state to save for HTMLScroll(html)(-1)@0x7fffdae18448 No state to save for HTMLScroll(html)(-1)@0x7fffda3a1448 No state '0>1' to restore for HTMLScroll(html)(-1)@0x7fffda3a1448 No state '0>0>o>1>3>0' to restore for HTMLScroll(embed)(1)@0x7fffda3a9ab0 No state '0>0>o>3>3>0' to restore for IsIndex(isindex)(3)@0x7fffd91057c0 AddState '0>0>o>1>3>0' = 0x7fffd91a9040 for HTMLScroll(embed)(1)@0x7fffda3a9ab0 No state to save for IsIndex(isindex)(2)@0x7fffd91057c0 RestoreState '0>0>o>1>3>0' = 0x7fffd91a9040 for IsIndex(isindex)(1)@0x7fffd91057c0 [0x7fffd91057c0]RestoreState: aState=0x7fffd91a9040 GetStateProperty stateString=(nil) ###!!! ASSERTION: You can't dereference a NULL nsCOMPtr with operator->().: 'mRawPtr != 0', file ../../dist/include/nsCOMPtr.h, line 819 Program received signal SIGSEGV, Segmentation fault. 0x00007ffff603fd0f in nsIsIndexFrame::RestoreState (this=0x7fffd91057c0, aState=0x7fffd91a9040) at layout/forms/nsIsIndexFrame.cpp:571 571 stateString->GetData(data);
OS: Mac OS X → All
Hardware: x86 → All
Assignee | ||
Comment 3•13 years ago
|
||
Include the tag name in the frame state key, instead of "o". Make nsIsIndexFrame::RestoreState null safe, just in case.
Assignee: nobody → matspal
Attachment #524003 -
Flags: review?(bzbarsky)
Assignee | ||
Comment 4•13 years ago
|
||
Here's what the trace looks like with the fix: No state to save for HTMLScroll(html)(-1)@0x7fffe187a448 No state to save for HTMLScroll(html)(-1)@0x7fffdaeb9448 No state to save for HTMLScroll(html)(-1)@0x7fffda272448 No state '0>1' to restore for HTMLScroll(html)(-1)@0x7fffda272448 No state '0>0>embed>1>3>0' to restore for HTMLScroll(embed)(1)@0x7fffda285ab0 No state '0>0>isindex>3>3>0' to restore for IsIndex(isindex)(3)@0x7fffd90d27c0 AddState '0>0>embed>1>3>0' = 0x7fffd8c0a060 for HTMLScroll(embed)(1)@0x7fffda285ab0 No state to save for IsIndex(isindex)(2)@0x7fffd90d27c0 No state '0>0>isindex>1>3>0' to restore for IsIndex(isindex)(1)@0x7fffd90d27c0
Assignee | ||
Comment 5•13 years ago
|
||
![]() |
||
Comment 6•13 years ago
|
||
Comment on attachment 524003 [details] [diff] [review] fix Why not just: KeyAppendString(nsDependentAtomString(aContent->Tag()), aKey); ? r=me with that. Don't forget to check in the crashtest.
Attachment #524003 -
Flags: review?(bzbarsky) → review+
Assignee | ||
Comment 7•13 years ago
|
||
Much better, thanks. Fixed in Cedar: http://hg.mozilla.org/projects/cedar/rev/1652e3d8dc1c http://hg.mozilla.org/projects/cedar/rev/80dc22b6c3f6
Flags: in-testsuite+
Whiteboard: fixed-in-cedar
Updated•13 years ago
|
Whiteboard: fixed-in-cedar → [sg:dos]fixed-in-cedar
Comment 9•13 years ago
|
||
http://hg.mozilla.org/mozilla-central/rev/80dc22b6c3f6 http://hg.mozilla.org/mozilla-central/rev/1652e3d8dc1c
Whiteboard: [sg:dos]fixed-in-cedar → [sg:dos]
Target Milestone: --- → mozilla2.2
Assignee | ||
Updated•13 years ago
|
Status: NEW → RESOLVED
Closed: 13 years ago
Resolution: --- → FIXED
Comment 10•13 years ago
|
||
Per security group discussion, requesting landing on mozilla-2.0.
Assignee | ||
Updated•13 years ago
|
Attachment #524003 -
Flags: approval2.0?
Updated•13 years ago
|
Crash Signature: [@ nsIsIndexFrame::RestoreState]
Comment 11•13 years ago
|
||
Comment on attachment 524003 [details] [diff] [review] fix minus on long past 2.0 approval
Attachment #524003 -
Flags: approval2.0? → approval2.0-
You need to log in
before you can comment on or make changes to this bug.
Description
•