Incident ID: 2292697 Stack Signature LiteralImpl::EqualsNode 5ffa9cc2 Product ID Firefox10 Build ID 2004110711 Trigger Time 2004-12-01 08:35:23.0 Platform Win32 Operating System Windows NT 5.1 build 2600 Module firefox.exe + (000aa906) URL visited User Comments I was trying to create a theme for Firefox. Crash occured during test install of theme. Since Last Crash 17643 sec Total Uptime 17643 sec Trigger Reason Access violation Source File, Line No. d:/builds/tinderbox/firefox-1.0/WINNT_5.0_Clobber/mozilla/rdf/base/src/nsRDFService.cpp, line 608 Stack Trace LiteralImpl::EqualsNode [d:/builds/tinderbox/firefox-1.0/WINNT_5.0_Clobber/mozilla/rdf/base/src/nsRDFService.cpp, line 608] XPTC_InvokeByIndex [d:/builds/tinderbox/firefox-1.0/WINNT_5.0_Clobber/mozilla/xpcom/reflect/xptcall/src/md/win32/xptcinvoke.cpp, line 102] XPCWrappedNative::CallMethod [d:/builds/tinderbox/firefox-1.0/WINNT_5.0_Clobber/mozilla/js/src/xpconnect/src/xpcwrappednative.cpp, line 2034] XPC_WN_CallMethod [d:/builds/tinderbox/firefox-1.0/WINNT_5.0_Clobber/mozilla/js/src/xpconnect/src/xpcwrappednativejsops.cpp, line 1287] js_Invoke [d:/builds/tinderbox/firefox-1.0/WINNT_5.0_Clobber/mozilla/js/src/jsinterp.c, line 941] js_Interpret [d:/builds/tinderbox/firefox-1.0/WINNT_5.0_Clobber/mozilla/js/src/jsinterp.c, line 2978] js_Invoke [d:/builds/tinderbox/firefox-1.0/WINNT_5.0_Clobber/mozilla/js/src/jsinterp.c, line 958] nsXPCWrappedJSClass::CallMethod [d:/builds/tinderbox/firefox-1.0/WINNT_5.0_Clobber/mozilla/js/src/xpconnect/src/xpcwrappedjsclass.cpp, line 1339] nsXPCWrappedJS::CallMethod [d:/builds/tinderbox/firefox-1.0/WINNT_5.0_Clobber/mozilla/js/src/xpconnect/src/xpcwrappedjs.cpp, line 450] SharedStub [d:/builds/tinderbox/firefox-1.0/WINNT_5.0_Clobber/mozilla/xpcom/reflect/xptcall/src/md/win32/xptcstubs.cpp, line 147] XPTC_InvokeByIndex [d:/builds/tinderbox/firefox-1.0/WINNT_5.0_Clobber/mozilla/xpcom/reflect/xptcall/src/md/win32/xptcinvoke.cpp, line 102] EventHandler [d:/builds/tinderbox/firefox-1.0/WINNT_5.0_Clobber/mozilla/xpcom/proxy/src/nsProxyEvent.cpp, line 545] shdocvw.dll + 0x150c24 (0x778b0c24) nsPrintObject::Init [d:/builds/tinderbox/firefox-1.0/WINNT_5.0_Clobber/mozilla/content/base/src/nsPrintObject.cpp, line 97] 0x8bd6fff8
Looks as if EqualsNode isn't null-safe, this also crashes: Components.classes['@mozilla.org/rdf/rdf-service;1'].getService(Components.interfaces.nsIRDFService).GetLiteral('').EqualsNode(null);
Actually, just the Resource and Blob impls of the ::EqualsNode impls are nullsafe. Sadly, they return different results for that. Resource fails and leaves the bool unchanged, Blob sets it to false and returns NS_OK. Investigation on call sites required. Int and Date should do as Blob, Literal should just cast itself to nsIRDFNode and check (that would handle null, too). Unless I make up my mind that we should just compare the pointers themselves for all rdf nodes. I consider a tightened spec of this behaviour as part of our interface overhaul.
Status: UNCONFIRMED → NEW
Ever confirmed: true
Crash Signature: [@ LiteralImpl::EqualsNode]
This is still technically a crash. Only a handful for 4 weeks across all versions. It might be worth closing but I am going to leave open for now.
You need to log in before you can comment on or make changes to this bug.