Closed Bug 248458 Opened 21 years ago Closed 21 years ago

Crash [@ nsJSIID::Equals] for null other

Categories

(Core :: XPConnect, defect)

Product:
Core
Component:
XPConnect
Platform:
x86
Windows XP
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

()

Status:
RESOLVED FIXED

People

(Reporter: timeless, Assigned: timeless)

References

(
URL
)

Details

(Keywords: crash)

Crash Data

Attachments

(1 file)

handle null
526 bytes, patch
dbradley
: review+
shaver
: superreview+
Details | Diff | Splinter Review
steps to reproduce: 1. run xpcshell 2. js> Components.interfaces.nsISupports.equals(null) Expected result: false or an exception Actual result: crash > xpc3250.dll!nsJSIID::Equals(nsIJSID * other=0x00000000, int * _retval=0x0012e864) Line 439 + 0x3 C++ xpcom.dll!XPTC_InvokeByIndex(nsISupports * that=0x00f4b0c8, unsigned int methodIndex=0x00000007, unsigned int paramCount=0x00000002, nsXPTCVariant * params=0x0012e854) Line 102 C++ xpc3250.dll!XPCWrappedNative::CallMethod(XPCCallContext & ccx={...}, XPCWrappedNative::CallMode mode=CALL_METHOD) Line 2028 + 0x16 C++ Reproduced w/ trunk.
Attached patch handle nullSplinter Review
Attachment #151603 - Flags: review?(BradleyJunk)
untrusted code can crash mozilla this way, too... see url field
URL: javascript:Components.interfaces.nsIS...
nsJSID::Equals returns an error on this condition same. I'm wondering if they should behave the same. I'm not saying that nsJSID::Equals is necessarily the right behavior.
Comment on attachment 151603 [details] [diff] [review] handle null Doh, ok, retval != other. So this will make it behave the same as nsJSID::Equals
Attachment #151603 - Flags: review?(BradleyJunk) → review+
Oh, and I'd add a check for null of _retval as well like nsJSID::Equals does
Attachment #151603 - Flags: superreview?(shaver)
Comment on attachment 151603 [details] [diff] [review] handle null sold.
Attachment #151603 - Flags: superreview?(shaver) → superreview+
mozilla/js/src/xpconnect/src/xpcjsid.cpp 1.64
Status: NEW → RESOLVED
Closed: 21 years ago
Resolution: --- → FIXED
Crash Signature: [@ nsJSIID::Equals]
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: