Last Comment Bug 633232 - nsIMIMEService.getTypeFromURI(null) crashes [@ nsExternalHelperAppService::GetTypeFromURI(nsIURI*, nsACString_internal&) ]
: nsIMIMEService.getTypeFromURI(null) crashes [@ nsExternalHelperAppService::Ge...
Status: RESOLVED FIXED
: crash
Product: Core Graveyard
Classification: Graveyard
Component: File Handling (show other bugs)
: Trunk
: All All
: -- critical (vote)
: mozilla6
Assigned To: timeless
:
:
Mentors:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2011-02-10 09:22 PST by Dave Garrett
Modified: 2016-06-22 12:16 PDT (History)
3 users (show)
See Also:
QA Whiteboard:
Iteration: ---
Points: ---
?
?
?


Attachments
patch (719 bytes, patch)
2011-02-27 18:48 PST, timeless
cbiesinger: review+
Details | Diff | Splinter Review

Description Dave Garrett 2011-02-10 09:22:52 PST
I stumbled across this when attempting to write drag & drop support for a file.

Easy test: execute this in the Error Console for an crash:
Components.classes["@mozilla.org/mime;1"].getService(Components.interfaces.nsIMIMEService).getTypeFromURI(null);

3.6.13 on Windows:  bp-3cc36a71-f34d-4ebe-ac6f-b7d502110210
3.6.13 on Linux:    bp-29bd2e99-cddc-43c0-81fe-7a50d2110210
4.0b12pre on Linux: bp-915d00df-c282-42b0-a675-92edb2110210

http://hg.mozilla.org/releases/mozilla-1.9.2/annotate/0c159bd1d600/uriloader/exthandler/nsExternalHelperAppService.cpp#l2693

Looks like it just needs a null check for aURI up top.
Comment 1 Dave Garrett 2011-02-10 09:47:45 PST
getTypeFromFile also crashes -> filed bug 633240
Comment 2 Dave Garrett 2011-02-24 12:34:06 PST
Not a candidate for blocking, as far as I can tell. It's been this way since at least Firefox 3.0 and I don't see a way to get at this from the web, though if anyone else does please say so. Requesting wanted+ for all affected branches.
Comment 3 timeless 2011-02-27 18:48:57 PST
Created attachment 515545 [details] [diff] [review]
patch
Comment 4 Dave Garrett 2011-04-25 11:16:46 PDT
These two crash bugs (bug 633232 & bug 633240) have reviewed one-line patches. Any reason they can't land now? They should at least be able to land on Trunk at this point, I would think. Could they also make Firefox 4.0.1 too?
Comment 5 Dão Gottwald [:dao] 2011-04-27 03:16:01 PDT
http://hg.mozilla.org/mozilla-central/rev/42768e2b3a4c
Comment 6 Vlad [QA] 2011-07-27 06:20:43 PDT
How can this be tested?
thanks.
Comment 7 Dave Garrett 2011-07-27 09:17:39 PDT
(In reply to comment #6)
> How can this be tested?

These two bugs (bug 633232 & bug 633240) both have the necessary one line tests in their descriptions. Just run that one line anywhere with chrome privileges. The lazy test is to dump it into the Error Console code evaluation field, but a proper test could be written to run it if desired. When either is run on anything prior to the fix landing in Gecko 6 it crashes and with the fix it throws an invalid pointer exception as one would expect.

Note You need to log in before you can comment on or make changes to this bug.