Last Comment Bug 594760 - activeContent in nsEventStateManager::PostHandleEvent looks unsafe
: activeContent in nsEventStateManager::PostHandleEvent looks unsafe
Status: RESOLVED FIXED
: [sg:critical?][critsmash:patch]
:
Product: Core
Classification: Components
Component: DOM: Events
: unspecified
: x86 All
: -- normal (vote)
: ---
Assigned To: Olli Pettay [:smaug]
: events
:
:
:
  Show dependency treegraph
 
Reported: 2010-09-09 07:05 PDT by Olli Pettay [:smaug]
Modified: 2010-10-30 18:13 PDT (History)
3 users (show)
See Also:
Crash Signature:
  ---
  ---
  ---
  ---
  ---
  ---
  ---
  ---
  ---
  ---
  ---
  needed
  .11-fixed
  needed
  .14-fixed


Attachments
patch (1.05 KB, patch)
2010-09-09 07:05 PDT, Olli Pettay [:smaug]
roc: review+
roc: approval2.0+
dveditz: approval1.9.2.11+
dveditz: approval1.9.1.14+
Details | Diff | Splinter Review

Summon comment box

Description Olli Pettay [:smaug] 2010-09-09 07:05:29 PDT
Created attachment 473527 [details] [review]
patch

The variable is nsIContent*, but scripts may run before it is used.

I don't have a testcase, but based on code this might lead to crash when
using image maps and deleting the image element when it gets focus.
Or something like that.
Comment 1 Daniel Veditz 2010-09-27 13:52:20 PDT
Comment on attachment 473527 [details] [review]
patch

Approved for 1.9.2.11 and 1.9.1.14, a=dveditz

Note You need to log in before you can comment on or make changes to this bug.