Note: There are a few cases of duplicates in user autocompletion which are being worked on.

crash nsXPCWrappedJSClass::CallQueryInterfaceOnJSObject calling Components.utils.getWeakReference(undefined)

RESOLVED FIXED in mozilla9

Status

()

Core
XPConnect
RESOLVED FIXED
6 years ago
6 years ago

People

(Reporter: Mook (work), Assigned: Hari R)

Tracking

({crash})

Trunk
mozilla9
crash
Points:
---

Firefox Tracking Flags

(Not tracked)

Details

(Whiteboard: [good first bug] [mentor=jdm], crash signature)

Attachments

(1 attachment, 2 obsolete attachments)

(Reporter)

Description

6 years ago
This bug was filed from the Socorro interface and is 
report bp-5c51e855-6c33-4d53-9249-326872110901 .
============================================================= 

STR:
1) Open error console
2) Evaluate: Components.utils.getWeakReference(undefined)

Expected results:
"undefined", possibly, or "null".

Actual results: 
crash.

Additional information:
Calling Components.utils.getWeakReference() (with no arguments) doesn't crash; it's only if you supplied undefined as the argument.
Pretty sure you can't reach getWeakReference from unprivileged script...

Comment 1

6 years ago
The first step here for a new contributor taking this bug on would be to reproduce the crash under gdb.
Whiteboard: [good first bug] [mentor=jdm]
(Assignee)

Comment 2

6 years ago
Taking this up and working on it.

Updated

6 years ago
Assignee: nobody → innomotive
(Assignee)

Comment 3

6 years ago
Created attachment 560115 [details] [diff] [review]
Proposed patch

Proposed patch to fix this bug. Please review.

Updated

6 years ago
Attachment #560115 - Flags: review?(mrbkap)
Comment on attachment 560115 [details] [diff] [review]
Proposed patch

Review of attachment 560115 [details] [diff] [review]:
-----------------------------------------------------------------

Thanks for the patch! It looks good, but there's a little more cleanup to be done here.

::: js/src/xpconnect/src/xpcJSWeakReference.cpp
@@ +75,3 @@
>      
>      JSObject *obj;
>      if (!JS_ValueToObject(cx, argv[0], &obj))

Since the if statement above excludes primitives, we know here that argv[0] is an object. So instead of calling JS_ValueToObject, this can just set obj to JSVAL_TO_OBJECT(argv[0]).
Attachment #560115 - Flags: review?(mrbkap)
(Assignee)

Comment 5

6 years ago
Created attachment 560303 [details] [diff] [review]
Proposed patch (pass 2)

Patch with review points from Comment 4 included. Should be applied after the previous patch.
Attachment #560303 - Flags: review?
(Assignee)

Comment 6

6 years ago
Created attachment 560313 [details] [diff] [review]
Proposed patch (pass 3)

Patch that consolidates previous two patches.

Please review.
Attachment #560115 - Attachment is obsolete: true
Attachment #560303 - Attachment is obsolete: true
Attachment #560303 - Flags: review?
Attachment #560313 - Flags: review?(mrbkap)
Attachment #560313 - Flags: review?(josh)

Comment 7

6 years ago
Comment on attachment 560313 [details] [diff] [review]
Proposed patch (pass 3)

This is all in Blake's hands.
Attachment #560313 - Flags: review?(josh)
Comment on attachment 560313 [details] [diff] [review]
Proposed patch (pass 3)

Looks great! Thanks again.
Attachment #560313 - Flags: review?(mrbkap) → review+

Comment 9

6 years ago
http://hg.mozilla.org/integration/mozilla-inbound/rev/2b458be3c7b7
https://hg.mozilla.org/mozilla-central/rev/2b458be3c7b7

Thanks a lot Hari for your patch!  This was a great first patch, and I do hope to see you around in Bugzilla more often.  :-)
Status: NEW → RESOLVED
Last Resolved: 6 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla9
You need to log in before you can comment on or make changes to this bug.