Closed Bug 214336 Opened 21 years ago Closed 21 years ago

crashes in mime_find_class() when editing (ctrl-e) a signed email

Categories

(Thunderbird :: Mail Window Front End, defect)

x86
Linux
defect
Not set
major

Tracking

(Not tracked)

RESOLVED FIXED

People

(Reporter: calum.mackay, Assigned: mscott)

Details

Attachments

(1 file)

User-Agent:       Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.5b) Gecko/20030729 Mozilla Firebird/0.6.1
Build Identifier: thunderbird cvs 2003072918

When attempting to edit (ctrl-e) a signed message, thunderbird immediately crashes.

Reproducible: Always

Steps to Reproduce:
1. Select a mail message with a signature
2. ctrl-e to edit

Actual Results:  
crashes

Expected Results:  
shouldn't

The crash is here, in Thunderbird-specific code:

[mailnews/mime/src/mimei.cpp]

#ifdef MOZ_THUNDERBIRD
  // first, check to see if the message has been marked as JUNK. If it has,
  // then force the message to be rendered as simple.
  PRBool sanitizeJunkMail = PR_FALSE;

  // it is faster to read the pref first then figure out the msg hdr for the current url only if we have to
  // XXX instead of reading this pref every time, part of mime should be an observer listening to this pref change
  // and updating internal state accordingly. But none of the other prefs in this file seem to be doing that...=(
  pref->GetBoolPref("mailnews.display.sanitizeJunkMail", &sanitizeJunkMail); <- XXX crash here

(gdb) up
#7  0x421973b5 in mime_find_class(char const*, MimeHeaders*,
MimeDisplayOptions*, int) (content_type=Error accessing memory address
0xbfffe630: No such process.
) at mimei.cpp:456
456       pref->GetBoolPref("mailnews.display.sanitizeJunkMail", &sanitizeJunkMail);

(gdb) bt
#0  0x40777e81 in nanosleep () from /lib/libc.so.6
#1  0x4023dd0d in nanosleep () from /lib/libpthread.so.0
#2  0x40777e10 in sleep () from /lib/libc.so.6
#3  0x08064022 in ah_crap_handler(int) (signum=11) at nsSigHandlers.cpp:135
#4  0x40f8427e in nsProfileLock::FatalSignalHandler(int) (signo=11) at
nsProfileLock.cpp:195
#5  0x4023f75a in __pthread_sighandler () from /lib/libpthread.so.0
#6  <signal handler called>
#7  0x421973b5 in mime_find_class(char const*, MimeHeaders*,
MimeDisplayOptions*, int) (content_type=0x8a692e8 "multipart/signed",
hdrs=0x870ed60, opts=0x0, exact_match_p=1) at mimei.cpp:456
#8  0x42198536 in mime_crypto_object_p(MimeHeaders*, int) (hdrs=0x870ed60,
clearsigned_counts=0) at mimei.cpp:1111
#9  0x4219d31e in MimeMessage_close_headers (obj=0x873b538) at mimemsg.cpp:309
#10 0x4219d281 in MimeMessage_parse_line (aLine=0x8910668
"\n-Spam-Checker-Version: SpamAssassin 2.55 (1.174.2.19-2003-05-19-exp)\ne\";
micalg=sha1; boundary=\"", '-' <repeats 12 times>,
"ms020407090900010300050006\"\n", aLength=1, obj=0x873b538) at mimemsg.cpp:282
#11 0x421a6ff6 in convert_and_send_buffer (buf=0x8910668
"\n-Spam-Checker-Version: SpamAssassin 2.55 (1.174.2.19-2003-05-19-exp)\ne\";
micalg=sha1; boundary=\"", '-' <repeats 12 times>,
"ms020407090900010300050006\"\n", length=1, convert_newlines_p=1,
per_line_fn=0x4219cf5c <MimeMessage_parse_line>, closure=0x873b538) at
mimebuf.cpp:168
#12 0x421a718d in mime_LineBuffer (net_buffer=0x891cab3 "\nThis is a
cryptographically signed message in MIME format.\n\n", '-' <repeats 14 times>,
"ms020407090900010300050006\nContent-Type: text/plain; charset=us-ascii;
format=flowed\nContent-Transfer-Encoding: 7bit\n\nsign te"...,
net_buffer_size=5381, bufferP=0x873b560, buffer_sizeP=0x873b568,
buffer_fpP=0x873b570, convert_newlines_p=1, per_line_fn=0x4219cf5c
<MimeMessage_parse_line>, closure=0x873b538) at mimebuf.cpp:253
#13 0x421a0540 in MimeObject_parse_buffer (buffer=0x891c598 "Received: from
sunuk.uk.sun.com (sunuk.UK.Sun.COM [129.156.85.58])\n\tby clem.uk.sun.com
(8.12.9+Sun/8.12.9/CTE 3.0) with ESMTP id h6THX3dI008805\n\tfor
<calum@clem.UK.Sun.COM>; Tue, 29 Jul 2003 18:33:03 "..., size=6688,
obj=0x873b538) at mimeobj.cpp:245
#14 0x421b49cc in mime_parse_stream_write (stream=0x0, buf=0x891c598 "Received:
from sunuk.uk.sun.com (sunuk.UK.Sun.COM [129.156.85.58])\n\tby clem.uk.sun.com
(8.12.9+Sun/8.12.9/CTE 3.0) with ESMTP id h6THX3dI008805\n\tfor
<calum@clem.UK.Sun.COM>; Tue, 29 Jul 2003 18:33:03 "..., size=6688) at
mimedrft.cpp:459
#15 0x421b2947 in nsStreamConverter::OnDataAvailable(nsIRequest*, nsISupports*,
nsIInputStream*, unsigned, unsigned) (this=0x88ede60, request=0x8a1b7a8,
ctxt=0x88f5b94, aIStream=0x8a03fd4, sourceOffset=0, aLength=6688) at
nsStreamConverter.cpp:953
#16 0x420c70ef in nsImapCacheStreamListener::OnDataAvailable(nsIRequest*,
nsISupports*, nsIInputStream*, unsigned, unsigned) (this=0x85eb440,
request=0x86028a8, aCtxt=0x88f5b94, aInStream=0x8a03fd4, aSourceOffset=0,
aCount=6688) at nsImapProtocol.cpp:7454
#17 0x40d56b85 in nsInputStreamPump::OnStateTransfer() (this=0x86028a8) at
nsInputStreamPump.cpp:418
#18 0x40d5687b in nsInputStreamPump::OnInputStreamReady(nsIAsyncInputStream*)
(this=0x86028a8, stream=0x8a03fd4) at nsInputStreamPump.cpp:321
#19 0x40165a71 in nsInputStreamReadyEvent::EventHandler(PLEvent*) (plevent=0x0)
at nsStreamUtils.cpp:116
#20 0x40182942 in PL_HandleEvent (self=0x8a3006c) at plevent.c:671
#21 0x4018281b in PL_ProcessPendingEvents (self=0x80eaf80) at plevent.c:606
#22 0x4018468a in nsEventQueueImpl::ProcessPendingEvents() (this=0x80eaf58) at
nsEventQueue.cpp:387
#23 0x40f0e116 in event_processor_callback (source=0x82589c8, condition=G_IO_IN,
data=0x0) at nsAppShell.cpp:67
#24 0x405e1cf7 in g_vsnprintf () from /usr/lib/libglib-2.0.so.0
#25 0x405c51bb in unblock_source () from /usr/lib/libglib-2.0.so.0
#26 0x405c60ad in g_main_context_dispatch () from /usr/lib/libglib-2.0.so.0
#27 0x405c63af in g_main_context_dispatch () from /usr/lib/libglib-2.0.so.0
#28 0x405c69de in g_main_loop_run () from /usr/lib/libglib-2.0.so.0
#29 0x4033da77 in gtk_main () from /usr/lib/libgtk-x11-2.0.so.0
#30 0x40f0e6c4 in nsAppShell::Run() (this=0x815d288) at nsAppShell.cpp:142
#31 0x40ebeae7 in nsAppShellService::Run() (this=0x8154910) at
nsAppShellService.cpp:477
#32 0x0805b0a2 in main1 (argc=1, argv=0xbffff6a4, nativeApp=0x80c9aa8,
aAppData=@0xbffff610) at nsAppRunner.cpp:1281
#33 0x0805b950 in xre_main(int, char**, nsXREAppData const&) (argc=1,
argv=0xbffff6a4, aAppData=@0xbffff610) at nsAppRunner.cpp:1692
#34 0x08057a04 in main (argc=1, argv=0xbffff6a4) at nsMailApp.cpp:51
Bit of a mystery...

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 16384 (LWP 23815)]
0x421963b5 in mime_find_class(char const*, MimeHeaders*, MimeDisplayOptions*,
int) (content_type=0x8fd13e0 "multipart/signed", hdrs=0x894de08, opts=0x0,
exact_match_p=1) at mimei.cpp:456
456       pref->GetBoolPref("mailnews.display.sanitizeJunkMail", &sanitizeJunkMail);

(gdb) ptype sanitizeJunkMail
type = int
(gdb) print sanitizeJunkMail
$1 = 0
(gdb) print &sanitizeJunkMail
$2 = (PRBool *) 0xbfffed20

What does GetBoolPref() do if it doesn't recognise the pref, I wonder?
I don't have junk mail filtering turned on; would this cause the pref not to be
initialised correctly, I wonder?
pref is not yet initialized before we try to dereference it.

5 lines or so above, in the non-THUNDERBIRD block, we have

  if (pref) {
  ...
  }


we need to do the same thing here.
Yup, that's it exactly; how stupid of me to miss it :(

(gdb) print pref
$1 = (nsIPref *) 0x0
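To make the diagnosis concrete, here is an added stand-alone model of the crashing block and of the guarded form the patch applies; it is not Thunderbird's code. FakePref is an assumed stand-in for nsIPref with only the one method the crashing line calls, and PRBool is an int, as gdb's ptype shows.

```cpp
#include <cstring>

typedef int PRBool;   // matches "(gdb) ptype sanitizeJunkMail -> type = int"
#define PR_FALSE 0
#define PR_TRUE  1

// Assumed stand-in for nsIPref: only GetBoolPref() is modelled.
struct FakePref {
    PRBool sanitizeJunkMail;   // constructed pref store with a single entry
    int GetBoolPref(const char *name, PRBool *out) {
        if (std::strcmp(name, "mailnews.display.sanitizeJunkMail") == 0) {
            *out = sanitizeJunkMail;
            return 0;
        }
        return -1;   // unknown pref: leave *out untouched
    }
};

// The MOZ_THUNDERBIRD block as reported: dereferences pref unconditionally.
// On the edit (ctrl-e) path pref is still NULL, which is the SIGSEGV
// at mimei.cpp:456 in the backtrace above.
PRBool sanitize_unguarded(FakePref *pref) {
    PRBool sanitizeJunkMail = PR_FALSE;
    pref->GetBoolPref("mailnews.display.sanitizeJunkMail", &sanitizeJunkMail);
    return sanitizeJunkMail;
}

// The fix: mirror the `if (pref)` check from the non-THUNDERBIRD block.
// A missing pref service then simply means "do not sanitize", and the
// pre-initialised PR_FALSE default is returned instead of crashing.
PRBool sanitize_guarded(FakePref *pref) {
    PRBool sanitizeJunkMail = PR_FALSE;
    if (pref) {
        pref->GetBoolPref("mailnews.display.sanitizeJunkMail", &sanitizeJunkMail);
    }
    return sanitizeJunkMail;
}
```

Calling sanitize_unguarded(nullptr) reproduces the null dereference; sanitize_guarded(nullptr) returns PR_FALSE.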
Comment on attachment 128814 [details] [diff] [review]
patch to check that pref is set before dereferencing it

sr=mscott if you want to check this in
fixed.
Status: NEW → RESOLVED
Closed: 21 years ago
Resolution: --- → FIXED