242944 - Crash when offline search a newsgroup with criteria 'body (doesn't) contains' [@ nsMsgSearchTerm::StripQuotedPrintable]

Status: RESOLVED FIXED

(Thunderbird :: General, defect)

Description

[will smith]

User-Agent:       Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7b) Gecko/20040316
Build Identifier: Mozilla Thunderbird 0.6 (20040502)

Entering a search on message body often causes a crash as soon as I click on
'search'.  Managed to get this 3 times after running about 10-15 different
searches.  Happened both when I searched for a short work ('svm') and when I
didn't enter a search term.  

Possibly only happens when folder being searched itself has subfolders.

Works whether or not i tick the 'search subfolders' box.


Reproducible: Sometimes
Steps to Reproduce:
1. Open thunderbird
2. Tools ... search messages.
3. Change to 'body contains'
4. Choose a folder with a subfolder (this might not be essential)
5. Enter a search term (optional)
6. Click 'search'
Actual Results:  
Instant crash - all Thunderbird windows disappear.

Expected Results:  
Search for the body search term and display results.

Theme = 'Modern for Thunderbird'

Extensions :
Quote Colors 0.1c 
TagZilla 0.049 (disabled)
Free Desktop Integration
jslib


Now I'm trying this in command line mode, cannot reproduce!

Comment 1

[will smith]

Running on Linux Red Hat 9.  Still using Mozilla 'original' as my browser. 
Migrated all my data (including mailbox and large number message filters) last
week.  Edited the necessary scripts to integrate Mozilla and Thunderbird - now
works nicely.

Comment 2

[Tuukka Tolvanen (sp3000)]

    linux thunderbird trunk cvs 20040510: Repeatable 3/3 with the following
    steps (used other short search strings too):

 1. selected Local Folders as it has subfolders with >100M of mail total
 2. tools > search messages: body contains svm, [search]
 3. [stop] as soon as there are some results
 4. body contains bah, [search]

    The stack looks really useless, too:

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 1084392192 (LWP 6690)]
0x40837ede in mallopt () from /lib/tls/libc.so.6
(gdb) bt
#0  0x40837ede in mallopt () from /lib/tls/libc.so.6
#1  0x400922f8 in __JCR_LIST__ ()
   from
/home/tt/src/mozilla/obj/i686-pc-linux-gnu/thunderbird-gtk2-debug/dist/bin/libmozjs.so
#2  0x40195694 in pthread_mutex_lock () from /lib/tls/libpthread.so.0
#3  0xc4578008 in ?? ()
#4  0x408fb868 in __after_morecore_hook () from /lib/tls/libc.so.6
#5  0x4002bd44 in JS_GetReservedSlot ()
   from
/home/tt/src/mozilla/obj/i686-pc-linux-gnu/thunderbird-gtk2-debug/dist/bin/libmozjs.so

    Here's another one, which I got twice:

(gdb) bt
#0  0x40143ed6 in vtable for nsObsoleteAStringThunk ()
   from
/home/tt/src/mozilla/obj/i686-pc-linux-gnu/thunderbird-gtk2-debug/dist/bin/libxpcom.so
Cannot access memory at address 0xfe4012ab

    Couldn't reproduce on a test profile with small amount of mail...

Comment 3

[Tom Williams]

I was doing something similar using Thunderbird 0.6 on Linux.  I was able to
start the search ok but when I stopped it and changed the search criteria and
started it again, I got the seg fault described here.

I was able to capture this stack trace:

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 16384 (LWP 6077)]
0x40b81079 in NSGetModule () from /home/tom/thunderbird/components/libnecko.so
(gdb) bt
#0  0x40b81079 in NSGetModule () from /home/tom/thunderbird/components/libnecko.so
#1  0x40b81421 in NSGetModule () from /home/tom/thunderbird/components/libnecko.so
#2  0x4013ccce in nsCOMPtr_base::assign_with_AddRef () from thunderbird/libxpcom.so
#3  0x4157e413 in NSGetModule () from /home/tom/thunderbird/components/libmail.so
#4  0x4158127b in NSGetModule () from /home/tom/thunderbird/components/libmail.so
#5  0x4157fef9 in NSGetModule () from /home/tom/thunderbird/components/libmail.so
#6  0x41582977 in NSGetModule () from /home/tom/thunderbird/components/libmail.so
#7  0x4157fd11 in NSGetModule () from /home/tom/thunderbird/components/libmail.so
#8  0x4013cc7b in nsCOMPtr_base::~nsCOMPtr_base () from thunderbird/libxpcom.so
#9  0x4157dff8 in NSGetModule () from /home/tom/thunderbird/components/libmail.so
#10 0x4158716c in NSGetModule () from /home/tom/thunderbird/components/libmail.so
#11 0x415863ff in NSGetModule () from /home/tom/thunderbird/components/libmail.so
#12 0x4012ef15 in XPTC_InvokeByIndex () from thunderbird/libxpcom.so
#13 0x40b476af in NSGetModule () from
/home/tom/thunderbird/components/libxpconnect.so
#14 0x40b4e5d5 in NSGetModule () from
/home/tom/thunderbird/components/libxpconnect.so
#15 0x40050f86 in js_Invoke () from thunderbird/libmozjs.so
#16 0x4005a3f1 in js_Interpret () from thunderbird/libmozjs.so
#17 0x40051057 in js_Invoke () from thunderbird/libmozjs.so
#18 0x40051343 in js_InternalInvoke () from thunderbird/libmozjs.so
#19 0x4002cb0b in JS_CallFunctionValue () from thunderbird/libmozjs.so
#20 0x4139ec32 in NSGetModule () from
/home/tom/thunderbird/components/libgklayout.so
#21 0x413d2925 in NSGetModule () from
/home/tom/thunderbird/components/libgklayout.so
#22 0x4124a5c9 in NSGetModule () from
/home/tom/thunderbird/components/libgklayout.so
#23 0x4124aaa9 in NSGetModule () from
/home/tom/thunderbird/components/libgklayout.so
#24 0x413f788b in NSGetModule () from
/home/tom/thunderbird/components/libgklayout.so
#25 0x410cba9c in NSGetModule () from
/home/tom/thunderbird/components/libgklayout.so
#26 0x41170629 in NSGetModule () from
/home/tom/thunderbird/components/libgklayout.so
#27 0x41170390 in NSGetModule () from
/home/tom/thunderbird/components/libgklayout.so
#28 0x410cb70a in NSGetModule () from
/home/tom/thunderbird/components/libgklayout.so
#29 0x410cb573 in NSGetModule () from
/home/tom/thunderbird/components/libgklayout.so
#30 0x412527b4 in NSGetModule () from
/home/tom/thunderbird/components/libgklayout.so
#31 0x41250cf7 in NSGetModule () from
/home/tom/thunderbird/components/libgklayout.so
#32 0x410cb7a1 in NSGetModule () from
/home/tom/thunderbird/components/libgklayout.so
#33 0x410caf21 in NSGetModule () from
/home/tom/thunderbird/components/libgklayout.so
#34 0x413964f5 in NSGetModule () from
/home/tom/thunderbird/components/libgklayout.so
#35 0x41395885 in NSGetModule () from
/home/tom/thunderbird/components/libgklayout.so
#36 0x4138e256 in NSGetModule () from
/home/tom/thunderbird/components/libgklayout.so
#37 0x40d0f1b6 in NSGetModule () from
/home/tom/thunderbird/components/libwidget_gtk2.so
#38 0x40d06d82 in ?? () from /home/tom/thunderbird/components/libwidget_gtk2.so
#39 0x0936e5b8 in ?? ()
#40 0xbfffece0 in ?? ()
#41 0xbfffecdc in ?? ()
#42 0x405fb37f in g_datalist_id_get_data (datalist=0x0, key_id=155736964) at
../../glib/gdataset.c:454
#43 0x40d0b35e in ?? () from /home/tom/thunderbird/components/libwidget_gtk2.so
#44 0x0936e5b8 in ?? ()
#45 0x09342f58 in ?? ()
#46 0x0824c758 in ?? ()
#47 0x4112a824 in NSGetModule () from
/home/tom/thunderbird/components/libgklayout.so
#48 0x40306e14 in _gtk_marshal_BOOLEAN__BOXED (closure=0x91909e0,
return_value=0xbfffef50, n_param_values=2, param_values=0x1,
invocation_hint=0xbfffef78, marshal_data=0x0)
    at ../../gtk/gtkmarshalers.c:82
#49 0x405ad79b in g_closure_invoke (closure=0x8ec2bf8, return_value=0x0,
n_param_values=0, param_values=0x0, invocation_hint=0x0) at
../../gobject/gclosure.c:437
#50 0x405c43fb in signal_emit_unlocked_R (node=0x814f668, detail=0,
instance=0x9342f58, emission_return=0xbffff030, instance_and_params=0xbffff090)
    at ../../gobject/gsignal.c:2436
#51 0x405c60c3 in g_signal_emit_valist (instance=0x9342f58, signal_id=0,
detail=0, var_args=0xbffff220 "(тяїX/4\t") at ../../gobject/gsignal.c:2205
#52 0x405c6752 in g_signal_emit (instance=0x0, signal_id=0, detail=0) at
../../gobject/gsignal.c:2239
#53 0x4040a0d4 in gtk_widget_event_internal (widget=0x9342f58, event=0x824c758)
at ../../gtk/gtkwidget.c:3563
#54 0x40304d2b in gtk_propagate_event (widget=0x9342f58, event=0x824c758) at
../../gtk/gtkmain.c:2344
#55 0x403050bd in gtk_main_do_event (event=0x824c758) at ../../gtk/gtkmain.c:1582
#56 0x404fe971 in gdk_event_dispatch (source=0x0, callback=0, user_data=0x0) at
../../../gdk/x11/gdkevents-x11.c:2152
#57 0x4060ce56 in g_main_context_dispatch (context=0x8083490) at
../../glib/gmain.c:1942
#58 0x4060e984 in g_main_context_iterate (context=0x8083490, block=1,
dispatch=1, self=0x815c228) at ../../glib/gmain.c:2573
#59 0x4060ec3a in g_main_loop_run (loop=0x80ca528) at ../../glib/gmain.c:2777
#60 0x403042a3 in gtk_main () at ../../gtk/gtkmain.c:1172
#61 0x40d0d816 in ?? () from /home/tom/thunderbird/components/libwidget_gtk2.so
#62 0x08107fa0 in ?? ()
#63 0x00000000 in ?? ()
#64 0xbffff438 in ?? ()
#65 0x4013ccce in nsCOMPtr_base::assign_with_AddRef () from thunderbird/libxpcom.so
#66 0x40c63b44 in ?? () from /home/tom/thunderbird/components/libnsappshell.so
#67 0x08107fa0 in ?? ()
#68 0xbffff490 in ?? ()
#69 0xbffff628 in ?? ()
#70 0x0804d863 in ?? ()
#71 0x08107ad0 in ?? ()
#72 0x00000000 in ?? ()
#73 0x08050b38 in nsIObserverService::GetIID()::iid ()
#74 0xbffff4c8 in ?? ()
#75 0x00000002 in ?? ()
#76 0x00000001 in ?? ()
#77 0x400169fc in ?? ()
#78 0xbffff5c0 in ?? ()
#79 0xbffff4a0 in ?? ()
#80 0xbffff580 in ?? ()
#81 0x4014c070 in vtable for nsGetServiceByCID () from thunderbird/libxpcom.so
#82 0xbffff5a0 in ?? ()
#83 0xbffff5d0 in ?? ()
#84 0xbffff5e8 in ?? ()
#85 0xbffff5e0 in ?? ()
#86 0xbffff48c in ?? ()
#87 0xbffff5f0 in ?? ()
#88 0xbffff600 in ?? ()
#89 0x00000000 in ?? ()
#90 0x00000000 in ?? ()
#91 0x00000000 in ?? ()
#92 0x4014c2dc in ?? () from thunderbird/libxpcom.so
#93 0x400a4ae0 in ?? () from thunderbird/libxpcom.so
#94 0x40016860 in ?? ()
#95 0x081b6528 in ?? ()
#96 0x40015d50 in ?? () from /lib/ld-linux.so.2
#97 0x0000098e in ?? ()
#98 0x40016860 in ?? ()
#99 0x4014bea8 in vtable for nsObsoleteAStringThunk () from thunderbird/libxpcom.so
#100 0xbffff4c8 in ?? ()
#101 0x00000018 in ?? ()
#102 0x00010011 in ?? ()
#103 0x0000003f in ?? ()
#104 0xbffff4c8 in ?? ()
#105 0x00720043 in ?? ()
#106 0x00610065 in ?? ()
#107 0x00690074 in ?? ()
#108 0x0067006e in ?? ()
#109 0x00660020 in ?? ()
#110 0x00720069 in ?? ()
#111 0x00740073 in ?? ()
#112 0x00770020 in ?? ()
#113 0x006e0069 in ?? ()
#114 0x006f0064 in ?? ()
#115 0x002e0077 in ?? ()
#116 0x002e002e in ?? ()
#117 0x00000000 in ?? ()
#118 0x4014d964 in ?? () from thunderbird/libxpcom.so
#119 0x4014c2dc in ?? () from thunderbird/libxpcom.so
#120 0x00000032 in ?? ()
#121 0xbffff518 in ?? ()
#122 0x4013cc7b in nsCOMPtr_base::~nsCOMPtr_base () from thunderbird/libxpcom.so
Previous frame inner to this frame (corrupt stack?)
(gdb) 


I'm running a Slackware 8 base Linux system w/ 2.6.6 kernel, glibc-2.3.2,
glib/gtk+-2.4.1, and gdb 6.1.

Hope this helps!  :)

Peace...

Comment 4

[jim9000]

This bug seems to occur on Windows if you follow the instructions below. If this
is the same bug (and I think it is), then the OS should be changed to all.

Here is how to reproduce this bug: 
[1] Search messages. Be sure at least one of the search items is in the body of
the message. 

[2)] Click Stop (Before it is finished. Searching a large folder or account helps) 

[3] Run another search. Instant crash.

Talkback reports: TB192251X, TB191950Q

Comment 5

[jwq]

Bug 249560 may be a duplicate of this bug. Bug 249560 has been observed on Mac
OS X and Windows XP.

Comment 6

[Tsutomu Hayashi]

I have encountered this bug Thunderbird 0.7.2 on Windows2000 SP4. [Search] click
then soon [stop] click, and [Search] Click then crash. This is repeatable.

Comment 7

[dfrgw]

I can no longer repro this with the checkin for bug 254199.  I have tested this
with a 20040808 win32 nightly branch build of Thunderbird.

Comment 8

[August Joki]

I've had the same bug, and it's repeatable for me in a newsgroup. More details
were submitted through the Quality control agent

Comment 9

[August Joki]

Doing more experiments i've found that if typing a search string quickly when
Message Body is selected causes Thunderbird 0.8 to crash. Doesn't crash if I
type one letter, let it finish searching, then type the next letter, and so
forth. And only in a newsgroup.

Comment 10

[Henrik Skupin [:whimboo][⌚️UTC+1]]

I can reproduce it with TB version 0.8 (20041014). It still happens for an
offline search within a newsgroup. It only occurs when you have selected the
criteria "body contains" or "body doesn't contains". With "is" and "isn't" all
works fine.

Following talkback report is available (not mine):

http://talkback-public.mozilla.org/talkback/fastfind.jsp?search=2&type=iid&id=TB1373683E

Stack Signature	 nsMsgSearchTerm::StripQuotedPrintable 13604b70
Product ID	Thunderbird10
Build ID	2004091303
Trigger Time	2004-10-18 06:51:00.0
Platform	Win32
Operating System	Windows NT 5.1 build 2600
Module	thunderbird.exe + (00445419)
URL visited	
User Comments	search im news body.
Since Last Crash	216 sec
Total Uptime	58526 sec
Trigger Reason	Access violation
Source File, Line No.
e:/builds/tbird-tbox/WINNT_5.0_Clobber/mozilla/mailnews/base/search/src/nsMsgSearchTerm.cpp,
line 689
Stack Trace 	
nsMsgSearchTerm::StripQuotedPrintable 
[e:/builds/tbird-tbox/WINNT_5.0_Clobber/mozilla/mailnews/base/search/src/nsMsgSearchTerm.cpp,
line 689]
nsMsgSearchOfflineMail::ProcessSearchTerm 
[e:/builds/tbird-tbox/WINNT_5.0_Clobber/mozilla/mailnews/base/search/src/nsMsgLocalSearch.cpp,
line 530]
nsMsgSearchOfflineMail::ConstructExpressionTree 
[e:/builds/tbird-tbox/WINNT_5.0_Clobber/mozilla/mailnews/base/search/src/nsMsgLocalSearch.cpp,
line 436]
nsMsgSearchOfflineMail::MatchTerms 
[e:/builds/tbird-tbox/WINNT_5.0_Clobber/mozilla/mailnews/base/search/src/nsMsgLocalSearch.cpp,
line 630]
nsMsgSearchOfflineMail::MatchTermsForSearch 
[e:/builds/tbird-tbox/WINNT_5.0_Clobber/mozilla/mailnews/base/search/src/nsMsgLocalSearch.cpp,
line 368]
nsMsgSearchOfflineMail::Search 
[e:/builds/tbird-tbox/WINNT_5.0_Clobber/mozilla/mailnews/base/search/src/nsMsgLocalSearch.cpp,
line 681]
nsMsgSearchScopeTerm::TimeSlice 
[e:/builds/tbird-tbox/WINNT_5.0_Clobber/mozilla/mailnews/base/search/src/nsMsgSearchTerm.cpp,
line 1498]
nsTimerImpl::Fire 
[e:/builds/tbird-tbox/WINNT_5.0_Clobber/mozilla/xpcom/threads/nsTimerImpl.cpp,
line 382]
nsAppShellService::Run 
[e:/builds/tbird-tbox/WINNT_5.0_Clobber/mozilla/xpfe/appshell/src/nsAppShellService.cpp,
line 495]
main  [e:/builds/tbird-tbox/WINNT_5.0_Clobber/mozilla/mail/app/nsMailApp.cpp,
line 58]
kernel32.dll + 0x16d4f (0x7c816d4f)


Crash happens on line 689: "dest[destIdx] = src[srcIdx];"

Asking for blocker aviary1.0.

Comment 11

[Henrik Skupin [:whimboo][⌚️UTC+1]]

*** Bug 260935 has been marked as a duplicate of this bug. ***

Comment 12

[Benny Raymond]

I assume it's the same crash

This also happens if you offline body search a newsgroup with a significant
amount of messages in it.  I don't know what the point where it crashes/doesn't
crash - however I do know that in a newsgroup with around 19000 messages,
thunderbird will crash after showing a large amount of results.

1. Connect to a newsgroup with around 19,000 posts (news.microsoft.com -
microsoft.public.dotnet.languages.csharp)
2. Make that newsgroup an offline newsgroup
3. Download all messages in that newsgroup
4. Offline search the newsgroup using Body search
5. Wait a minute or so for Thunderbird to crash while it's searching the
newsgroup messages. (I typed "test" as a search term)

The crash data is below:
----------------------------
Error signature
===============
AppName: thunderbird.exe	 AppVer: 0.8.0.0	 ModName: thunderbird.exe
ModVer: 0.8.0.0	 Offset: 00445419

----------------------------
I couldn't copy/paste anything else.

Comment 13

[David :Bienvenu]

the fix for https://bugzilla.mozilla.org/show_bug.cgi?id=242677 is not on the
branch - I'll add check it into the branch.

Comment 14

[Henrik Skupin [:whimboo][⌚️UTC+1]]

No crash anymore with a fresh cvs build - version 0.9 (20041102).

David, i think you have checked in this file. Marking this bug as fixed.