Closed
Bug 272881
Opened 20 years ago
Closed 1 month ago
some rdf related to evil theme from bug 272807 caused crash [@ LiteralImpl::EqualsNode]
Categories
(Core Graveyard :: RDF, defect)
Tracking
(Not tracked)
RESOLVED
INCOMPLETE
People
(Reporter: timeless, Unassigned)
References
Details
(Keywords: crash)
Crash Data
Incident ID: 2292697
Stack Signature LiteralImpl::EqualsNode 5ffa9cc2
Product ID Firefox10
Build ID 2004110711
Trigger Time 2004-12-01 08:35:23.0
Platform Win32
Operating System Windows NT 5.1 build 2600
Module firefox.exe + (000aa906)
URL visited
User Comments I was trying to create a theme for Firefox. Crash occured during test install of theme.
Since Last Crash 17643 sec
Total Uptime 17643 sec
Trigger Reason Access violation
Source File, Line No. d:/builds/tinderbox/firefox-1.0/WINNT_5.0_Clobber/mozilla/rdf/base/src/nsRDFService.cpp, line 608
Stack Trace
LiteralImpl::EqualsNode [d:/builds/tinderbox/firefox-1.0/WINNT_5.0_Clobber/mozilla/rdf/base/src/nsRDFService.cpp, line 608]
XPTC_InvokeByIndex [d:/builds/tinderbox/firefox-1.0/WINNT_5.0_Clobber/mozilla/xpcom/reflect/xptcall/src/md/win32/xptcinvoke.cpp, line 102]
XPCWrappedNative::CallMethod [d:/builds/tinderbox/firefox-1.0/WINNT_5.0_Clobber/mozilla/js/src/xpconnect/src/xpcwrappednative.cpp, line 2034]
XPC_WN_CallMethod [d:/builds/tinderbox/firefox-1.0/WINNT_5.0_Clobber/mozilla/js/src/xpconnect/src/xpcwrappednativejsops.cpp, line 1287]
js_Invoke [d:/builds/tinderbox/firefox-1.0/WINNT_5.0_Clobber/mozilla/js/src/jsinterp.c, line 941]
js_Interpret [d:/builds/tinderbox/firefox-1.0/WINNT_5.0_Clobber/mozilla/js/src/jsinterp.c, line 2978]
js_Invoke [d:/builds/tinderbox/firefox-1.0/WINNT_5.0_Clobber/mozilla/js/src/jsinterp.c, line 958]
nsXPCWrappedJSClass::CallMethod [d:/builds/tinderbox/firefox-1.0/WINNT_5.0_Clobber/mozilla/js/src/xpconnect/src/xpcwrappedjsclass.cpp, line 1339]
nsXPCWrappedJS::CallMethod [d:/builds/tinderbox/firefox-1.0/WINNT_5.0_Clobber/mozilla/js/src/xpconnect/src/xpcwrappedjs.cpp, line 450]
SharedStub [d:/builds/tinderbox/firefox-1.0/WINNT_5.0_Clobber/mozilla/xpcom/reflect/xptcall/src/md/win32/xptcstubs.cpp, line 147]
XPTC_InvokeByIndex [d:/builds/tinderbox/firefox-1.0/WINNT_5.0_Clobber/mozilla/xpcom/reflect/xptcall/src/md/win32/xptcinvoke.cpp, line 102]
EventHandler [d:/builds/tinderbox/firefox-1.0/WINNT_5.0_Clobber/mozilla/xpcom/proxy/src/nsProxyEvent.cpp, line 545]
shdocvw.dll + 0x150c24 (0x778b0c24)
nsPrintObject::Init [d:/builds/tinderbox/firefox-1.0/WINNT_5.0_Clobber/mozilla/content/base/src/nsPrintObject.cpp, line 97]
0x8bd6fff8
Comment 1•20 years ago
Looks as if EqualsNode isn't null-safe, this also crashes:
Components.classes['@mozilla.org/rdf/rdf-service;1'].getService(Components.interfaces.nsIRDFService).GetLiteral('').EqualsNode(null);
Comment 2•20 years ago
Actually, just the Resource and Blob impls of the ::EqualsNode impls are nullsafe. Sadly, they return different results for that. Resource fails and leaves the bool unchanged, Blob sets it to false and returns NS_OK. Investigation on call sites required. Int and Date should do as Blob, Literal should just cast itself to nsIRDFNode and check (that would handle null, too). Unless I make up my mind that we should just compare the pointers themselves for all rdf nodes. I consider a tightened spec of this behaviour as part of our interface overhaul.
Status: UNCONFIRMED → NEW
Ever confirmed: true
Comment 3•20 years ago
I count 53 callers. 52 callers compare a given node (which I assume was null-checked) with a literal or resource retrieved from the RDF service. The 53rd caller compares two nodes retrieved using GetTarget. When one target is null this will just fail with a JavaScript TypeError: null has no properties. However the other target is not null-checked thus causing this crash. Pointer comparisons sound good to me, but then why have EqualsNode?
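Added illustration (not Mozilla's code and not part of any comment above): the null-handling behaviours described in comment 2, modelled with simplified stand-in types so the differences can be compared side by side. `Node`, the `*Model` classes, `careless_equals` and the use of `NS_ERROR_FAILURE` are assumptions; equality is reduced to pointer identity, as floated in comments 2 and 3.

```cpp
// Simplified stand-ins for illustration only; not Mozilla's RDF source.
#include <cstdint>

using nsresult = std::uint32_t;
constexpr nsresult NS_OK = 0;
constexpr nsresult NS_ERROR_FAILURE = 0x80004005;  // assumed; the bug only says "fails"

struct Node {                                      // stand-in for nsIRDFNode
    virtual ~Node() = default;
    virtual nsresult EqualsNode(const Node* other, bool* result) const = 0;
};

// Resource as described in comment 2: a null argument fails and
// *result is left untouched.
struct ResourceModel : Node {
    nsresult EqualsNode(const Node* other, bool* result) const override {
        if (!other || !result) return NS_ERROR_FAILURE;
        *result = (other == this);
        return NS_OK;
    }
};

// Blob as described in comment 2: a null argument yields false and NS_OK.
struct BlobModel : Node {
    nsresult EqualsNode(const Node* other, bool* result) const override {
        if (!result) return NS_ERROR_FAILURE;
        *result = (other == this);   // identity only, to keep the model small
        return NS_OK;
    }
};

// Literal with the change proposed in comment 2: compare this, viewed as a
// Node, against the argument. A null argument simply compares unequal.
struct LiteralModel : Node {
    nsresult EqualsNode(const Node* other, bool* result) const override {
        if (!result) return NS_ERROR_FAILURE;
        *result = (static_cast<const Node*>(this) == other);
        return NS_OK;
    }
};

// Hypothetical caller that ignores the return code, so a failing call
// lets the initial value of the out-parameter decide the outcome.
bool careless_equals(const Node& a, const Node* b, bool initial) {
    bool eq = initial;
    a.EqualsNode(b, &eq);
    return eq;
}
```

With the Resource-style contract, a caller that skips the return-code check sees whatever value the out-parameter held before the call; the Blob-style contract always gives a defined answer.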
Updated•13 years ago
Crash Signature: [@ LiteralImpl::EqualsNode]
Comment 4•13 years ago
This is still technically a crash. Only a handful for 4 weeks across all versions. It might be worth closing but I am going to leave open for now.
Updated•6 years ago
Product: Core → Core Graveyard