Closed
Bug 132548
Opened 22 years ago
Closed 22 years ago
mail message crashes mozilla
Categories
(MailNews Core :: Security: S/MIME, defect, P1)
Tracking
(Not tracked)
VERIFIED
FIXED
psm2.2
People
(Reporter: tom.vandenhove, Assigned: KaiE)
Details
(Keywords: crash)
Attachments
(1 file)
5.27 KB,
text/plain
|
Details |
When opening some mail messages (on imap mail server: netscape messenger), mozilla crashes (segmentation fault). I have this problem with two messages, both containing S/MIME signatures and several To: or CC: lines... however, other messages with S/MIME or multiple recipients do not crash mozilla. I've tested this on W2K as well and did not have problems opening those same messages... Mozilla versions : 0.9.9 and latest nightly talkback incident ID's : TB4297879G and TB4178474Q
Updated•22 years ago
|
Severity: major → critical
Keywords: crash,
stackwanted
pk11_mkHandle() pk11_searchCertsAndTrust() pk11_searchTokenList() NSC_FindObjectsInit() traverse_objects_by_template() nssToken_TraverseCertificatesBySubject() NSSTrustDomain_FindCertificatesBySubject() find_issuer_cert_for_identifier() NSSCertificate_BuildChain() CERT_FindCertIssuer() CERT_VerifyCertChain() CERT_VerifyCert() NSS_CMSSignerInfo_VerifyCertificate() NSS_CMSSignedData_VerifySignerInfo() nsCMSMessage::VerifyDetachedSignature() MimeMultCMS_generate() MimeMultipartSigned_emit_child() MimeMultipartSigned_parse_eof() MimeContainer_parse_eof() MimeMessage_parse_eof() mime_display_stream_complete() nsStreamConverter::OnStopRequest() nsDocumentOpenInfo::OnStopRequest() nsStreamListenerTee::OnStopRequest() nsOnStopRequestEvent0::HandleEvent() nsStreamListenerEvent0::HandlePLEvent() PL_HandleEvent() PL_ProcessPendingEvents() nsEventQueueImpl::ProcessPendingEvents() event_processor_callback() our_gdk_io_invoke() libglib-1.2.so.0 + 0xea7a (0x40395a7a) libglib-1.2.so.0 + 0x10055 (0x40397055) libglib-1.2.so.0 + 0x10659 (0x40397659) libglib-1.2.so.0 + 0x107e8 (0x403977e8) libgtk-1.2.so.0 + 0x9127b (0x402b327b) nsAppShell::Run() nsAppShellService::Run() main1() main() libc.so.6 + 0x1c627 (0x404f4627)
Comment 2•22 years ago
|
||
-> PSM
Assignee: mscott → ssaux
Status: UNCONFIRMED → NEW
Component: Mail Back End → S/MIME
Ever confirmed: true
Keywords: stackwanted
Product: MailNews → PSM
QA Contact: esther → alam
Version: other → unspecified
Comment 3•22 years ago
|
||
cc kai, relyea, wtc.
Comment 4•22 years ago
|
||
nominating nsbeta1
Assignee | ||
Comment 5•22 years ago
|
||
Tom, ideally it would be helpful if you could attach that message in its raw format to this bug. Maybe the following helps: You could try to start the application, but not enter the security password when you are prompted, just press cancel. When you clicked on the message, and it did not crash yet, you could use "View Message Source" from the menu to open the raw message, put that data into a text file and attach it to this bug. Thanks!
Assignee | ||
Comment 6•22 years ago
|
||
Bob, Ian, we don't have local variable values in the crash data, so we have to guess about the cause. We know the crash happened directly within pk11_mkHandle. I see only one line that could cause a crash directly within that function, it is the line that dereferences the dbKey pointer, that has been passed in as an argument. I guess this pointer was either NULL or invalid. I suggest function pk11_mkHandle should be changed to be failsafe.
Assignee | ||
Comment 7•22 years ago
|
||
I suggest to fix the crash for the beta.
Reporter | ||
Comment 8•22 years ago
|
||
this message (among others) makes mozilla crash...
Reporter | ||
Comment 9•22 years ago
|
||
I've attached one of the messages which trigger the crash. Some other remarks : removing my .mozilla folder (and thus losing and recreating all my settings) solves the problem : I can then open this message without problems. However, I don't think that should qualify as a proper solution ;-) The problem might resurface at any time... Also, just removing the ImapMail folder does not solve the problem... Any ideas on which other files/folders might be related to this problem ? Tom
Updated•22 years ago
|
QA Contact: alam → carosendahl
Assignee | ||
Comment 10•22 years ago
|
||
Bob, do you agree to my suggestion in comment #6 ?
Comment 12•22 years ago
|
||
No, you are simply masking whatever the real problem is. Something is seriously wrong if that pointer is invalid. (note it's passed in as &cert->certKey, so that cert would have to be an invalid pointer). Also not that the chances of dbKey being '0' is almost nill (even if cert is NULL). Kae, can you reproduce this with the stuff he's sent? My guess is the problem is probably corruption in the database itself.. bob
Comment 13•22 years ago
|
||
See bug 134992. I've been tracking on this all day. I'd need to compile certutil to look at the database, but off hand, I know that deleting a cert or attempting to replace a cert whether through regular mail correspondence or directly from a directory server begins the downward spiral. There are two cert7.db files in the other bug that seem to be corrupted.
Comment 14•22 years ago
|
||
This is great bug to fix, but we are removing adt1.0.0 because there is no patch to approve for checkin, nore the requisite reviews.
Keywords: adt1.0.0
Assignee | ||
Comment 15•22 years ago
|
||
Unfortunately I'm unable to reproduce the problem. I copied that message to a mail file in my "Local Folders" and I can open and display it just fine, and it is shown as signed. Tom, as you said, it depends on your profile. This really sounds like your cert database file is corrupted. How could we try to find out why users manage to get corrupted databases?
Assignee | ||
Comment 16•22 years ago
|
||
Note, there is a patch in bug 136625, which might fix this crash.
Reporter | ||
Comment 17•22 years ago
|
||
I've just tested this with RC1 and it seems to work fine now... no more crashes with those same messages that caused the crash before... thx guys ! This was really annoying me... Tom
Status: NEW → RESOLVED
Closed: 22 years ago
Resolution: --- → FIXED
Comment 18•22 years ago
|
||
Verified - no longer crashes with message attachment in the defect.
Status: RESOLVED → VERIFIED
You need to log in
before you can comment on or make changes to this bug.
Description
•