Closed Bug 21670 Opened 25 years ago Closed 25 years ago

mozilla Windows build of 12/13 crashes reading particular message

Categories

(MailNews Core :: Networking, defect, P3)

x86
Other
defect

Tracking

(Not tracked)

CLOSED FIXED

People

(Reporter: jdunn, Assigned: jefft)

References

Details

(Whiteboard: fix in hand, ready for review and check in)

Attachments

(2 files)

I am sending Alec and mscott an email that was sent out earlier
that causes the
1999-12-13-09-M12 Win32 mozilla/commercial build complete]
build to crash along with crashing my HP-UX debug version.

In my HP debug build I traced it too the following
mailnews/local/src/nsLocalMailFolder.cpp line 1558.

When I debug this on HP (I am not sure if it is the exact same problem on
windows), I go through the while (aLength > 0) loop 3 times.

1st time m_leftOver = 0;
2nd time m_leftOver = 1735
3rd time (before line 1558) m_leftOver = 4096
3rd time (after line 1558) m_leftOver = 1852728684
Which really screws up line 1560.
Blocks: 18687
I am using pop3
mail server is nsmail-2.mcom.com
Severity: normal → critical
QA Contact: lchiang → pmock
Summary: mozilla Windows build of 12/13 crashes reading mail → mozilla Windows build of 12/13 crashes reading particular message
This doesn't happen on all msgs, does it?
Only a couple, I attached the msg to this email, and you will
notice that it is a simple email that mscott sent out over the
weekend.  I think it happened with other msgs in my inbox but
in debugging the problem those emails got lost.
Whoever needs this email, I can send it too them.

Personally I think this is dogfood, since I think it is caused
by some lower core problem.  And I know it is dogfood for me.
I think I understand what is going on.
The email in question does not contain any '/n' in the body.
So the code begins reading the data and then it gets to a point
and 'end' is NULL (line 1572) and alength=63 or something.
so on line 1573, we set mCopyState->m_leftOver = PL_strlen(start);
and that turns out to be mCopyState->m_leftOver = 1980... which
i think is bad.

Shouldn't it be something like
mCopyState->m_leftOver = (PL_strlen(start) < aLength) ? PL_strlen(start) :
aLength;
Assignee: alecf → jefft
line-ending problem. Assign to jefft for now, staying on CC in case anything
interesting comes along. Jim - you don't have a patch by any chance, do ya?
Do you know what mailer the message was sent with? that would make it easier to
reproduce..
Alec, the message is one I sent so it came from seamonkey.
Status: NEW → ASSIGNED
Target Milestone: M12
Anyone still has the original message? The message attached doesn't look right
to me: 1) dummy berkerley header has been escaped ">From ..." which indicates
that it's part of another message, 2) the X-Mozilla-Status: header is missing
only x-Mozilla-Status2: presented.
The code looks like another place for performance tuning. We should aviod using
PL_strlen to determine how big the remaining buffer is.
I sent Jeff the msg.
I have put the suggested fix in my hp tree and that seems to
work.  It is totally unoptimized but I just wanted my mail to work.
Thanks Jim.
Whiteboard: fix in hand, ready for review and check in
Target Milestone: M12 → M3
I am holding off my check in since I cannot reproduce the problem and people
around me don't seem have this problem. Jim, I wonder you might have a corrupted
summary database. Could you try delete your Inbox.msf file, relaunch the mail
client and then see if the problem still exists? I am moving the target
milestone to M13. Jim if you don't aggree please feel free to move it back.
Thanks, -- jt
I am not really worried about this making M12.
I can still recreate it.  I deleted my ENTIRE
mozprofile on windows and then created a new one
Jim Dunn
jdunn@netscape.com
nsmail2-mcom.com
POP3

I sent myself the email from 4.7
I 'downloaded' the mail in SeaMonkey
I 'selected' & 'viewed' the mail.
I deleted it. SeaMonkey crashed in MSGLOCAL.DLL

NOTE: I am running on Win98
Target Milestone: M3 → M13
Status: ASSIGNED → RESOLVED
Closed: 25 years ago
Resolution: --- → FIXED
Fix checked in. nsLocalMailFolder.cpp nsImapMailFolder.cpp modified.
I just pulled the tip and I am no longer crashing on HP...

This can be marked

VERIFIED...
Status: RESOLVED → VERIFIED
great - will mark verified per jdunn's comments.
closing
Status: VERIFIED → CLOSED
Product: MailNews → Core
Product: Core → MailNews Core
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: