Closed
Bug 743376
Opened 13 years ago
Closed 13 years ago
Crash [@ nsXMLHttpRequest::GetInterface]
Categories
(Core :: DOM: Core & HTML, defect)
Tracking
()
RESOLVED
FIXED
mozilla14
| Tracking | Status | |
|---|---|---|
| firefox13 | --- | unaffected |
| firefox14 | - | fixed |
| firefox-esr10 | --- | unaffected |
People
(Reporter: jruderman, Assigned: khuey)
References
Details
(4 keywords, Whiteboard: [advisory-tracking-])
Attachments
(3 files)
I'm guessing this a regression from bug 740069.
|
Reporter | |
Comment 1•13 years ago
|
||
|
||
Comment 2•13 years ago
|
||
Reason: KERN_INVALID_ADDRESS at address: 0x80004005
Why are we treating NS_ERROR_FAILURE as an address? ;)
tracking-firefox14:
--- → ?
|
|
||
Comment 3•13 years ago
|
||
#1 0x14d2f8e2 in nsXMLHttpRequest::GetInterface (this=0x2312e6b0, aIID=@0x80004005, aResult=0xbfff9688) at nsXMLHttpRequest.cpp:3812
#2 0x14d2ff48 in nsXMLHttpRequest::GetInterface (this=0x2312e6b0, aCx=0x1f0a20, aIID=0x2311e3e0, aRv=@0xbfff9708) at nsXMLHttpRequest.cpp:3873
#3 0x1651cde9 in getInterface (cx=0x1f0a20, argc=1, vp=0x1af3a060) at XMLHttpRequestBinding.cpp:530
(gdb) frame 2
#2 0x14d2ff48 in nsXMLHttpRequest::GetInterface (this=0x2312e6b0, aCx=0x1f0a20, aIID=0x2311e3e0, aRv=@0xbfff9708) at nsXMLHttpRequest.cpp:3873
3873 aRv = GetInterface(*iid, getter_AddRefs(result));
(gdb) list
3868 nsXMLHttpRequest::GetInterface(JSContext* aCx, nsIJSIID* aIID, nsresult& aRv)
3869 {
3870 const nsID* iid = aIID->GetID();
3871 nsCOMPtr<nsISupports> result;
3872 JS::Value v = JSVAL_NULL;
3873 aRv = GetInterface(*iid, getter_AddRefs(result));
(gdb) p iid
$1 = (const nsID *) 0x80004005
Group: core-security
|
|
||
Comment 4•13 years ago
|
||
Oh, and:
(gdb) p aIID
$2 = (nsXPTCStubBase *) 0x2311e3e0
|
Assignee | |
Comment 5•13 years ago
|
||
Yeah, we're calling a notxpcom method on an xptcall stub. That can't end well.
|
|
Assignee | |
Updated•13 years ago
|
Assignee: nobody → khuey
|
|
Assignee | |
Comment 6•13 years ago
|
||
PConnect's behavior is insane here ...
That said, its probably worth looking into why this didn't crash before.
|
|
Assignee | |
Comment 7•13 years ago
|
||
Er, that was the wrong diff.
Attachment #613035 -
Flags: review?(bzbarsky)
|
|
||
Comment 8•13 years ago
|
||
Comment on attachment 613035 [details] [diff] [review]
Patch
r=me
We should look into having xpconnect default any interface with notxpcom or noscript methods to builtinclass....
Attachment #613035 -
Flags: review?(bzbarsky) → review+
|
|
Assignee | |
Comment 9•13 years ago
|
||
I started writing that patch but it breaks the world (e.g. nsIClassInfo can no longer be script implemented) so I wrote this instead.
|
|
Assignee | |
Comment 10•13 years ago
|
||
Status: NEW → RESOLVED
Closed: 13 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla14
|
||
Updated•13 years ago
|
|
||
Comment 12•13 years ago
|
||
If the regression range is correct this doesn't affect ESR10
status-firefox-esr10:
--- → unaffected
status-firefox13:
--- → unaffected
status-firefox14:
--- → fixed
Keywords: regression
|
|
Assignee | |
Comment 13•13 years ago
|
||
Yes, this definitely does not affect ESR10.
|
|
Reporter | |
Updated•13 years ago
|
Whiteboard: [sg:critical]
|
|
Assignee | |
Comment 14•13 years ago
|
||
This only affected Nightlies, and it's been weeks, so we can open this.
Group: core-security
|
||
Updated•13 years ago
|
Whiteboard: [sg:critical] → [sg:critical][advisory-tracking-]
|
|
||
Updated•13 years ago
|
Keywords: sec-critical
Whiteboard: [sg:critical][advisory-tracking-] → [advisory-tracking-]
|
||
Updated•6 years ago
|
Component: DOM → DOM: Core & HTML
You need to log in
before you can comment on or make changes to this bug.
Description
•