[tor-bugs] #16771 [Tor Browser]: TBB crashes on Google Maps when creating markers/clicking

Tor Bug Tracker & Wiki blackhole at torproject.org
Fri Aug 14 13:45:25 UTC 2015


#16771: TBB crashes on Google Maps when creating markers/clicking
-------------------------+-------------------------------------------------
     Reporter:  tom      |      Owner:  arthuredelstein
         Type:  defect   |     Status:  needs_information
     Priority:  major    |  Milestone:
    Component:  Tor      |    Version:
  Browser                |   Keywords:  tbb-crash, tbb-5.0-regression,
   Resolution:           |  TorBrowserTeam201508R
Actual Points:           |  Parent ID:
       Points:           |
-------------------------+-------------------------------------------------

Comment (by mcs):

 Kathy and I spent a few minutes on this (another set of eyes cannot hurt).
 Arthur's fix looks good to us.  After reading the code in
 dom/base/nsDocument.cpp, it is clear that the nsDocument destructor calls
 nsHostObjectProtocolHandler::RemoveDataEntry() for each string in the
 mHostObjectURIs array.  And since the cycle collector code does the same
 thing without removing anything from mHostObjectURIs, it makes sense that
 we would sometimes see a NULL info pointer when
 nsHostObjectProtocolHandler::RemoveDataEntry() is called from the
 nsDocument destructor.

 One of us should have caught the lack of a check for NULL info pointer
 when we reviewed the original patch.  Sorry.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/16771#comment:21>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tor-bugs mailing list