Closed
Bug 149320
Opened 23 years ago
Closed 22 years ago
crash if invalid setStart is set on a Range
Categories
(Core :: DOM: Core & HTML, defect, P3)
Tracking
()
RESOLVED
FIXED
M1
People
(Reporter: mail, Assigned: mozeditor)
References
Details
(Keywords: crash, testcase, Whiteboard: fixinhand, has r= and sr=)
Attachments
(3 files, 1 obsolete file)
(deleted),
text/html
|
Details | |
(deleted),
text/html
|
Details | |
(deleted),
patch
|
glazou
:
review+
kinmoz
:
superreview+
|
Details | Diff | Splinter Review |
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.0rc3)
Gecko/20020523
BuildID: 2002052306
setStart to an invalid offset for a Range. Alert or appending of textNode of
Range causes crash.
Reproducible: Always
Steps to Reproduce:
1. createRange
2. setStart to invalid offset
Actual Results: crash
Expected Results: error
Reporter | ||
Comment 1•23 years ago
|
||
Reporter | ||
Comment 2•23 years ago
|
||
Added try-catch to testcase. Should catch an INDEX_SIZE_ERR exception rather
than crashing.
Comment 3•23 years ago
|
||
With 2002060408/trunk/W2K using 1st testcase -> crash, TB7054045Q
I add some condition to avoid crash for nil point, I think this patch can
match the reporter's need.
Before checking in any content iterator changes, or getting a super review, I
would get a review from jfrancis@netscape.com who wrote it.
That said, I believe there is an implicit assumption by the content iterator and
all backend users of range (like the editor) that the range will either be
un-positioned or contain valid containers and offsets.
I really think that we need to fix SetStart()/SetEnd()or the underlying
DoSetRange() function to validate indexes and containers ... I'm actually quite
surprised that it's not doing that already since the spec mentions specific
situations to check for.
Assignee | ||
Comment 8•22 years ago
|
||
I agree with Kin. Lets fix this in the right place. Submitting patch soon.
Assignee: kin → jfrancis
Status: ASSIGNED → NEW
Assignee | ||
Comment 9•22 years ago
|
||
This fixes it, and generates the out-of-bounds error expected in the second
testcase. Kin, can you sr?
Attachment #89879 -
Attachment is obsolete: true
Assignee | ||
Comment 10•22 years ago
|
||
The days of having a half dozen milestones out in front of us to divide bugs
between seem to be gone, though I dont know why. Lumping everything together as
far out as I can. I'll pull back things that I am working on as I go.
Target Milestone: mozilla1.1beta → mozilla1.2beta
Assignee | ||
Updated•22 years ago
|
Status: NEW → ASSIGNED
Whiteboard: fixinhand; need r=,sr=
Target Milestone: mozilla1.2beta → M1
Comment 11•22 years ago
|
||
Comment on attachment 91184 [details] [diff] [review]
patch to content/base/nsRange.{h,cpp}
sr=kin@netscape.com
Attachment #91184 -
Flags: superreview+
Comment 12•22 years ago
|
||
Comment on attachment 91184 [details] [diff] [review]
patch to content/base/nsRange.{h,cpp}
One comment only : DOM Comments are also CharacterData so I would prefer to see
them appear in the main 'if' case of GetNodeLength()...
Just in case we decide some day in the future to allow visibility of XML
comments.
r=glazman
Attachment #91184 -
Flags: review+
Updated•22 years ago
|
Whiteboard: fixinhand; need r=,sr= → fixinhand, has r= and sr=
Assignee | ||
Comment 13•22 years ago
|
||
fix landed on trunk
Status: ASSIGNED → RESOLVED
Closed: 22 years ago
Resolution: --- → FIXED
Comment 14•16 years ago
|
||
Crashtest added as part of http://hg.mozilla.org/mozilla-central/rev/54417ebbaea2
Flags: in-testsuite+
Updated•12 years ago
|
Component: DOM: Traversal-Range → DOM: Core & HTML
You need to log in
before you can comment on or make changes to this bug.
Description
•