Comment 5 for bug 77859
Revision history for this message
| Ewen McNeill (ewen) wrote Re: Firefox: saved passwords causes crash with Mailman admin page | #5 |
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
a60fb26
(Get the code!)
Source for affected function that is segfaulting:
void
nsPasswordManag
{
nsCOMPtr<
nsIDOMEventLi
targ-
targ-
mAutoComplete
}
(1956-1966 in firefox-
The affected line, 1962, is:
targ-
and appears to be segfaulting because the raw pointer inside targ is 0x0:
(gdb) print targ
$1 = {<nsCOMPtr_base> = {mRawPtr = 0x0}, <No data fields>}
I _think_ that the raw pointer inside targ is null because atElement is null,
but there's too much magic in the ns smart pointers to trace through without ever having seen the code before.
Working back up the stack, the caller is:
-=- cut here -=-
(gdb) up
#5 0xb67e7724 in nsPasswordManag
aWebProgres
at nsPasswordManag
948 AttachToInput(
(gdb) print userField
$6 = {<nsCOMPtr_base> = {mRawPtr = 0x0}, <No data fields>}
(gdb)
-=- cut here -=-
where the function contains the inline comment:
-=- cut here -=-
// We can auto-prefill the username and password if there is only
// one stored login that matches the username and password field names
// on the form in question. Note that we only need to worry about a
// single login per form.
-=- cut here -=-
All of which tends to confirm my impression that the problem is prefilling in a save password on forms which have only a password field and no username field,
Whatever changed in the code appears to no longer properly handle the situation where there is no username field and instead seems to assume that there'll be a username field to attach to if it finds a password field When it tries to attach to a non-existantant username field, thus dereferencing the null, it crashes.
Ewen