Crash [@ nsJSIID::Equals] for null other

RESOLVED FIXED

Severity: critical
Reporter: timeless, Assigned: timeless
Keywords: crash
Version: Trunk
Platform: x86, Windows XP
Attachments: 1 attachment

(Assignee)

Description

15 years ago
Steps to reproduce:
1. run xpcshell
2. js> Components.interfaces.nsISupports.equals(null)

Expected result:
 false or an exception

Actual result:
crash

>	xpc3250.dll!nsJSIID::Equals(nsIJSID * other=0x00000000, int * _retval=0x0012e864)  Line 439 + 0x3	C++
 	xpcom.dll!XPTC_InvokeByIndex(nsISupports * that=0x00f4b0c8, unsigned int methodIndex=0x00000007, unsigned int paramCount=0x00000002, nsXPTCVariant * params=0x0012e854)  Line 102	C++
 	xpc3250.dll!XPCWrappedNative::CallMethod(XPCCallContext & ccx={...}, XPCWrappedNative::CallMode mode=CALL_METHOD)  Line 2028 + 0x16	C++

Reproduced w/ trunk.
(Assignee)

Comment 1

15 years ago
Created attachment 151603
handle null
(Assignee)

Updated

15 years ago
Attachment #151603 - Flags: review?(BradleyJunk)
Untrusted code can crash Mozilla this way, too... see URL field

Comment 3

15 years ago
nsJSID::Equals returns an error on this same condition. I'm wondering if they
should behave the same. I'm not saying that nsJSID::Equals is necessarily the
right behavior.

Comment 4

15 years ago
Comment on attachment 151603
handle null

Doh, ok, retval != other. So this will make it behave the same as
nsJSID::Equals.
Attachment #151603 - Flags: review?(BradleyJunk) → review+

Comment 5

15 years ago
Oh, and I'd add a check for null of _retval as well like nsJSID::Equals does.
(Assignee)

Updated

15 years ago
Attachment #151603 - Flags: superreview?(shaver)
Comment on attachment 151603
handle null

sold.
Attachment #151603 - Flags: superreview?(shaver) → superreview+
(Assignee)

Comment 7

15 years ago
mozilla/js/src/xpconnect/src/xpcjsid.cpp 	1.64
Status: NEW → RESOLVED
Last Resolved: 15 years ago
Resolution: --- → FIXED
Crash Signature: [@ nsJSIID::Equals]
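
The null handling discussed in this bug, sketched as an added C++ example (it is not the attached patch or Mozilla's code). `JsId`, `Iid`, `Result` and its values are hypothetical stand-ins for the XPCOM types, and the sample IDs are constructed.

```cpp
// Added illustration: hypothetical stand-ins, not Mozilla's XPCOM types or the attached patch.
#include <cstdint>
#include <cstring>

enum Result { RES_OK = 0, RES_NULL_POINTER = 1 };  // stand-in for nsresult (constructed values)
struct Iid { uint8_t bytes[16]; };                 // stand-in for a 128-bit interface ID

struct JsId {                                      // stand-in for the scriptable ID object
    Iid id;
    const Iid* GetId() const { return &id; }

    // Shape of the crash: `other` comes straight from the caller and is
    // dereferenced unchecked, so equals(null) reads through a null pointer.
    Result EqualsUnchecked(const JsId* other, bool* retval) const {
        *retval = std::memcmp(other->GetId(), &id, sizeof id) == 0;
        return RES_OK;
    }

    // Hardened: validate the out-parameter and the argument before touching either.
    // The two checks are independent because retval and other are different pointers.
    Result Equals(const JsId* other, bool* retval) const {
        if (!retval) return RES_NULL_POINTER;      // the extra check suggested in review
        *retval = false;                           // defined output on the failure path
        if (!other) return RES_NULL_POINTER;       // equals(null) from script ends here
        *retval = std::memcmp(other->GetId(), &id, sizeof id) == 0;
        return RES_OK;
    }
};

// Constructed sample IDs (unlisted bytes are zero-initialised).
static const JsId kSupports = {{{0x00, 0x01}}};
static const JsId kSame     = {{{0x00, 0x01}}};
static const JsId kOther    = {{{0x7f}}};

int main() {
    bool eq = true;
    Result rv = kSupports.Equals(nullptr, &eq);    // the xpcshell case from the description
    return (rv == RES_NULL_POINTER && !eq) ? 0 : 1;
}
```

An error status returned to the scripting layer corresponds to the "exception" outcome listed under the expected result, and `*retval` is left at `false` rather than uninitialised.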