Closed Bug 214336 Opened 22 years ago Closed 22 years ago

crashes in mime_find_class() when editing (ctrl-e) a signed email

Categories

(Thunderbird :: Mail Window Front End, defect)

x86
Linux
defect
Not set
major

Tracking

(Not tracked)

RESOLVED FIXED

People

(Reporter: calum.mackay, Assigned: mscott)

Details

Attachments

(1 file)

User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.5b) Gecko/20030729 Mozilla Firebird/0.6.1
Build Identifier: thunderbird cvs 2003072918

When attempting to edit (ctrl-e) a signed message, thunderbird immediately crashes.

Reproducible: Always

Steps to Reproduce:
1. Select a mail message with a signature
2. ctrl-e to edit
3.

Actual Results: crashes

Expected Results: shouldn't

The crash is here, in Thunderbird-specific code:

[mailnews/mime/src/mimei.cpp]

    #ifdef MOZ_THUNDERBIRD
      // first, check to see if the message has been marked as JUNK. If it has,
      // then force the message to be rendered as simple.
      PRBool sanitizeJunkMail = PR_FALSE;

      // it is faster to read the pref first then figure out the msg hdr for the current url only if we have to
      // XXX instead of reading this pref every time, part of mime should be an observer listening to this pref change
      // and updating internal state accordingly. But none of the other prefs in this file seem to be doing that...=(
      pref->GetBoolPref("mailnews.display.sanitizeJunkMail", &sanitizeJunkMail);   <- XXX crash here

    (gdb) up
    #7  0x421973b5 in mime_find_class(char const*, MimeHeaders*, MimeDisplayOptions*, int) (content_type=Error accessing memory address 0xbfffe630: No such process.
    ) at mimei.cpp:456
    456       pref->GetBoolPref("mailnews.display.sanitizeJunkMail", &sanitizeJunkMail);

    (gdb) bt
    #0  0x40777e81 in nanosleep () from /lib/libc.so.6
    #1  0x4023dd0d in nanosleep () from /lib/libpthread.so.0
    #2  0x40777e10 in sleep () from /lib/libc.so.6
    #3  0x08064022 in ah_crap_handler(int) (signum=11) at nsSigHandlers.cpp:135
    #4  0x40f8427e in nsProfileLock::FatalSignalHandler(int) (signo=11) at nsProfileLock.cpp:195
    #5  0x4023f75a in __pthread_sighandler () from /lib/libpthread.so.0
    #6  <signal handler called>
    #7  0x421973b5 in mime_find_class(char const*, MimeHeaders*, MimeDisplayOptions*, int) (content_type=0x8a692e8 "multipart/signed", hdrs=0x870ed60, opts=0x0, exact_match_p=1) at mimei.cpp:456
    #8  0x42198536 in mime_crypto_object_p(MimeHeaders*, int) (hdrs=0x870ed60, clearsigned_counts=0) at mimei.cpp:1111
    #9  0x4219d31e in MimeMessage_close_headers (obj=0x873b538) at mimemsg.cpp:309
    #10 0x4219d281 in MimeMessage_parse_line (aLine=0x8910668 "\n-Spam-Checker-Version: SpamAssassin 2.55 (1.174.2.19-2003-05-19-exp)\ne\"; micalg=sha1; boundary=\"", '-' <repeats 12 times>, "ms020407090900010300050006\"\n", aLength=1, obj=0x873b538) at mimemsg.cpp:282
    #11 0x421a6ff6 in convert_and_send_buffer (buf=0x8910668 "\n-Spam-Checker-Version: SpamAssassin 2.55 (1.174.2.19-2003-05-19-exp)\ne\"; micalg=sha1; boundary=\"", '-' <repeats 12 times>, "ms020407090900010300050006\"\n", length=1, convert_newlines_p=1, per_line_fn=0x4219cf5c <MimeMessage_parse_line>, closure=0x873b538) at mimebuf.cpp:168
    #12 0x421a718d in mime_LineBuffer (net_buffer=0x891cab3 "\nThis is a cryptographically signed message in MIME format.\n\n", '-' <repeats 14 times>, "ms020407090900010300050006\nContent-Type: text/plain; charset=us-ascii; format=flowed\nContent-Transfer-Encoding: 7bit\n\nsign te"..., net_buffer_size=5381, bufferP=0x873b560, buffer_sizeP=0x873b568, buffer_fpP=0x873b570, convert_newlines_p=1, per_line_fn=0x4219cf5c <MimeMessage_parse_line>, closure=0x873b538) at mimebuf.cpp:253
    #13 0x421a0540 in MimeObject_parse_buffer (buffer=0x891c598 "Received: from sunuk.uk.sun.com (sunuk.UK.Sun.COM [129.156.85.58])\n\tby clem.uk.sun.com (8.12.9+Sun/8.12.9/CTE 3.0) with ESMTP id h6THX3dI008805\n\tfor <calum@clem.UK.Sun.COM>; Tue, 29 Jul 2003 18:33:03 "..., size=6688, obj=0x873b538) at mimeobj.cpp:245
    #14 0x421b49cc in mime_parse_stream_write (stream=0x0, buf=0x891c598 "Received: from sunuk.uk.sun.com (sunuk.UK.Sun.COM [129.156.85.58])\n\tby clem.uk.sun.com (8.12.9+Sun/8.12.9/CTE 3.0) with ESMTP id h6THX3dI008805\n\tfor <calum@clem.UK.Sun.COM>; Tue, 29 Jul 2003 18:33:03 "..., size=6688) at mimedrft.cpp:459
    #15 0x421b2947 in nsStreamConverter::OnDataAvailable(nsIRequest*, nsISupports*, nsIInputStream*, unsigned, unsigned) (this=0x88ede60, request=0x8a1b7a8, ctxt=0x88f5b94, aIStream=0x8a03fd4, sourceOffset=0, aLength=6688) at nsStreamConverter.cpp:953
    #16 0x420c70ef in nsImapCacheStreamListener::OnDataAvailable(nsIRequest*, nsISupports*, nsIInputStream*, unsigned, unsigned) (this=0x85eb440, request=0x86028a8, aCtxt=0x88f5b94, aInStream=0x8a03fd4, aSourceOffset=0, aCount=6688) at nsImapProtocol.cpp:7454
    #17 0x40d56b85 in nsInputStreamPump::OnStateTransfer() (this=0x86028a8) at nsInputStreamPump.cpp:418
    #18 0x40d5687b in nsInputStreamPump::OnInputStreamReady(nsIAsyncInputStream*) (this=0x86028a8, stream=0x8a03fd4) at nsInputStreamPump.cpp:321
    #19 0x40165a71 in nsInputStreamReadyEvent::EventHandler(PLEvent*) (plevent=0x0) at nsStreamUtils.cpp:116
    #20 0x40182942 in PL_HandleEvent (self=0x8a3006c) at plevent.c:671
    #21 0x4018281b in PL_ProcessPendingEvents (self=0x80eaf80) at plevent.c:606
    #22 0x4018468a in nsEventQueueImpl::ProcessPendingEvents() (this=0x80eaf58) at nsEventQueue.cpp:387
    #23 0x40f0e116 in event_processor_callback (source=0x82589c8, condition=G_IO_IN, data=0x0) at nsAppShell.cpp:67
    #24 0x405e1cf7 in g_vsnprintf () from /usr/lib/libglib-2.0.so.0
    #25 0x405c51bb in unblock_source () from /usr/lib/libglib-2.0.so.0
    #26 0x405c60ad in g_main_context_dispatch () from /usr/lib/libglib-2.0.so.0
    #27 0x405c63af in g_main_context_dispatch () from /usr/lib/libglib-2.0.so.0
    #28 0x405c69de in g_main_loop_run () from /usr/lib/libglib-2.0.so.0
    #29 0x4033da77 in gtk_main () from /usr/lib/libgtk-x11-2.0.so.0
    #30 0x40f0e6c4 in nsAppShell::Run() (this=0x815d288) at nsAppShell.cpp:142
    #31 0x40ebeae7 in nsAppShellService::Run() (this=0x8154910) at nsAppShellService.cpp:477
    #32 0x0805b0a2 in main1 (argc=1, argv=0xbffff6a4, nativeApp=0x80c9aa8, aAppData=@0xbffff610) at nsAppRunner.cpp:1281
    #33 0x0805b950 in xre_main(int, char**, nsXREAppData const&) (argc=1, argv=0xbffff6a4, aAppData=@0xbffff610) at nsAppRunner.cpp:1692
    #34 0x08057a04 in main (argc=1, argv=0xbffff6a4) at nsMailApp.cpp:51
Bit of a mystery...

    Program received signal SIGSEGV, Segmentation fault.
    [Switching to Thread 16384 (LWP 23815)]
    0x421963b5 in mime_find_class(char const*, MimeHeaders*, MimeDisplayOptions*, int) (content_type=0x8fd13e0 "multipart/signed", hdrs=0x894de08, opts=0x0, exact_match_p=1) at mimei.cpp:456
    456       pref->GetBoolPref("mailnews.display.sanitizeJunkMail", &sanitizeJunkMail);
    (gdb) ptype sanitizeJunkMail
    type = int
    (gdb) print sanitizeJunkMail
    $1 = 0
    (gdb) print &sanitizeJunkMail
    $2 = (PRBool *) 0xbfffed20

What does GetBoolPref() do if it doesn't recognise the pref, I wonder?
I don't have junk mail filtering turned on; would this cause the pref not to be initialised correctly, I wonder?
pref is not yet initialized before we try to dereference it. 5 lines or so above, in the non THUNDERBIRD block, we have if (pref) { ... }; we need to do the same thing here.
Yup, that's it exactly; how stupid of me to miss it :(

    (gdb) print pref
    $1 = (nsIPref *) 0x0
Comment on attachment 128814: patch to check that pref is set before dereferencing it

sr=mscott if you want to check this in
fixed.
Status: NEW → RESOLVED
Closed: 22 years ago
Resolution: --- → FIXED
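
The guard discussed in the comments above, as an added sketch that is not the attached patch or Mozilla code. `PrefService`, `MapPrefs` and `sanitize_junk_mail` are hypothetical stand-ins; only the pref name, the `PR_FALSE` default and the `if (pref)` check come from the bug.

```cpp
// Added illustration: PrefService and MapPrefs are hypothetical stand-ins,
// not Mozilla's nsIPref. Only the pref name and the if (pref) guard come
// from the bug report.
#include <map>
#include <string>

struct PrefService {
    virtual ~PrefService() = default;
    // Stand-in contract (an assumption): returns false and leaves *out
    // untouched when the pref name is unknown.
    virtual bool GetBoolPref(const char* name, bool* out) const = 0;
};

struct MapPrefs : PrefService {
    std::map<std::string, bool> values;
    bool GetBoolPref(const char* name, bool* out) const override {
        auto it = values.find(name);
        if (it == values.end()) return false;
        *out = it->second;
        return true;
    }
};

// Shape of the crashing line: with pref == nullptr this call is undefined
// behaviour (SIGSEGV in the report).
//   pref->GetBoolPref("mailnews.display.sanitizeJunkMail", &sanitizeJunkMail);

// Guarded shape: the local default survives a missing service and an
// unknown pref alike, so the caller always gets a defined answer.
bool sanitize_junk_mail(const PrefService* pref) {
    bool sanitizeJunkMail = false;  // PR_FALSE in the quoted code
    if (pref) {
        pref->GetBoolPref("mailnews.display.sanitizeJunkMail", &sanitizeJunkMail);
    }
    return sanitizeJunkMail;
}

int main() {
    MapPrefs empty, enabled;
    enabled.values["mailnews.display.sanitizeJunkMail"] = true;
    bool ok = !sanitize_junk_mail(nullptr)    // service not initialized
           && !sanitize_junk_mail(&empty)     // pref never set
           && sanitize_junk_mail(&enabled);   // pref set to true
    return ok ? 0 : 1;
}
```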