Closed Bug 264728 Opened 20 years ago Closed 20 years ago

Trying to createInstance @mozilla.org/generic-factory;1 crashes

Categories

(Firefox :: General, defect)

Product:
Firefox
Component:
General
Platform:
x86
Windows XP
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

()

Status:
RESOLVED DUPLICATE of bug 155413

People

(Reporter: soberholtzer, Assigned: bugzilla)

References

(
URL
)

Details

User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.3) Gecko/20041016 Firefox/1.0
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.3) Gecko/20041016 Firefox/1.0

Components.clases['@mozilla.org/generic-factory;1 crashes'].createInstance()
causes Firefox to crash.

Reproducible: Always
Steps to Reproduce:
1. Set signed.applets.codebase_principal_support to true, so that unsigned
scripts can actually *ask* for permission to do crazy things.
2. Go to http://klozoff.ms11.net/uxpc_bug.html
3. Click 'Allow' and watch the fireworks!

Actual Results:  
Firefox dies a horrible, painful death.

Expected Results:  
In my personal opinion, Javascript, no matter how insane or how many privileges
it has, should not be able to crash the browser.

If generic-factory is not really suitable for scripting, it should be marked
noscript.

I have not yet found if any other entries in the classes array crash FF.
Update: FF also crashes if you call getService() in place of createInstance().
this could be bug 155413, but i'm not certain.

reporter: is there some reason you want to create a generic factory?
You are right -- this is a duplicate of that bug.  I even found this one using
nearly a identical piece of code (basically, createInstance for everything in
Components.classes).  Which disturbs me; that bug has discussions on what the
correct fix is, and yet the bug still hasn't been fixed -- *two years later*.

If a component should not be instantiable directly with createInstance, then
createInstance should simply return a failure code.  Note that there are several
objects to which this applies, where getService() works but createInstance()
does not: 
mozilla.org/rdf/datasource;1?name=history
@mozilla.org/download-manager;1
@mozilla.org/browser/bookmarks-service;1
and a few others throw an exception, NS_ERROR_XPC_CI_RETURNED_FAILURE, if you
call createInstance().

Of course, even *that* doesn't apply here, because both getService() and
createInstance() on generic-factory crash Moz/FF.

sorry, i get distracted, when i'm not trying to ship our product i'll try to get
a version of that patch cleaned up and checked in.

*** This bug has been marked as a duplicate of 155413 ***
Status: UNCONFIRMED → RESOLVED
Closed: 20 years ago
Resolution: --- → DUPLICATE
You need to log in before you can comment on or make changes to this bug.