Closed
Bug 848895
Opened 12 years ago
Closed 12 years ago
Hold strong refs to editrules when calling into it, and always null-check the editor in editrules code
Categories
(Core :: DOM: Editor, defect)
Tracking
()
RESOLVED
FIXED
mozilla22
People
(Reporter: bzbarsky, Assigned: bzbarsky)
Details
(Keywords: sec-want, Whiteboard: [adv-main22-])
Attachments
(2 files, 1 obsolete file)
(deleted),
patch
|
ehsan.akhgari
:
review+
|
Details | Diff | Splinter Review |
(deleted),
patch
|
ehsan.akhgari
:
review+
|
Details | Diff | Splinter Review |
See bug 848644 for discussion.
Assignee | ||
Comment 1•12 years ago
|
||
Attachment #722394 -
Flags: review?(ehsan)
Assignee | ||
Comment 2•12 years ago
|
||
Up to about line 2878 of nsHTMLEditRules.cpp so far. Lots more to go
Assignee | ||
Updated•12 years ago
|
Whiteboard: [need to finish up patch]
Comment 3•12 years ago
|
||
Marking sec-other because this is more of a preventative measure, as far as I understand.
Updated•12 years ago
|
Attachment #722394 -
Flags: review?(ehsan) → review+
Assignee | ||
Comment 4•12 years ago
|
||
This may be the least reviewable patch I have ever written....
Attachment #725260 -
Flags: review?(ehsan)
Assignee | ||
Updated•12 years ago
|
Attachment #722396 -
Attachment is obsolete: true
Comment 5•12 years ago
|
||
Comment on attachment 725260 [details] [diff] [review]
part 2. Null-check the pointer to the editor that the edit rules hold.
Review of attachment 725260 [details] [diff] [review]:
-----------------------------------------------------------------
This patch makes me so sad. Thanks for writing it! ;-)
::: editor/libeditor/html/nsHTMLEditRules.cpp
@@ +807,5 @@
>
> int32_t offset, rootOffset;
> nsCOMPtr<nsIDOMNode> parent = nsEditor::GetNodeLocation(rootElem, &rootOffset);
> + NS_ENSURE_STATE(mHTMLEditor);
> + res = mHTMLEditor->GetStartNodeAndOffset(selection, getter_AddRefs(parent), &offset);
I assume you changed the indentation here by mistake.
@@ +6056,5 @@
> for (i=listCount-1; i>=0; i--)
> {
> nsCOMPtr<nsIDOMNode> node = outArrayOfNodes[i];
> if (!aDontTouchContent && IsInlineNode(node)
> + &&
Nit: please put this at the end of previous line.
Attachment #725260 -
Flags: review?(ehsan) → review+
Assignee | ||
Comment 6•12 years ago
|
||
> I assume you changed the indentation here by mistake.
Yes, copy/paste brought along some spaces.
> Nit: please put this at the end of previous line.
Done.
https://hg.mozilla.org/integration/mozilla-inbound/rev/7437279a223d
https://hg.mozilla.org/integration/mozilla-inbound/rev/4c2a4448bd09
Flags: in-testsuite-
Whiteboard: [need to finish up patch]
Target Milestone: --- → mozilla22
Comment 7•12 years ago
|
||
https://hg.mozilla.org/mozilla-central/rev/7437279a223d
https://hg.mozilla.org/mozilla-central/rev/4c2a4448bd09
Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → FIXED
Updated•12 years ago
|
status-b2g18:
--- → wontfix
status-firefox21:
--- → wontfix
status-firefox22:
--- → fixed
status-firefox23:
--- → fixed
status-firefox-esr17:
--- → wontfix
Keywords: sec-other
Updated•12 years ago
|
Whiteboard: [adv-main22-]
Updated•10 years ago
|
Group: core-security
You need to log in
before you can comment on or make changes to this bug.
Description
•