Bug 265007 (Closed)
Crash over message without Message-ID header when collecting with POP3 [@ PL_HashString]
Opened 20 years ago, closed 20 years ago
Status: VERIFIED FIXED
Categories: MailNews Core :: Networking: POP, defect
Tracking: Not tracked
People: Reporter: mozilla-bugs, Assigned: mcsmurf
Keywords: crash
Attachments (2 files):
  2.14 KB, patch
  3.77 KB, patch (Bienvenu: review+, dmosedale: superreview+)
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-GB; rv:1.8a4) Gecko/20040927
Build Identifier: Mozilla/5.0 (X11; U; Linux i686; en-GB; rv:1.8a4) Gecko/20040927

Crash over message without Message-ID header when collecting with POP3. The POP3 connection had completed receiving the RETR data.

My MTA replaces invalid headers like this:

    Illegal-Object: Syntax error in Message-ID: value found on relay-1.netbauds.net
        Message-ID: <D785EF15D37563E.71E5F@dkhzcgchuscke@japan.co.jp>
        ^-illegal e

It created a new header line and indents the bad one so it's a continuation of the new header line.

To get Mozilla to accept the email I manually edited the mailfile on the POP3 server by adding this line below that quoted above:

    Message-ID: <D785EF15D37563E.71E5F@dkhzcgchuscke.japan.co.jp>

This is an strace() of the mozilla processes.

    [pid 6578] kill(6584, SIGRTMIN <unfinished ...>
    [pid 6584] <... nanosleep resumed> 0) = -1 EINTR (Interrupted system call)
    [pid 6578] <... kill resumed> ) = 0
    [pid 6584] --- SIGRTMIN (Unknown signal 32) @ 0 (0) ---
    [pid 6578] write(44, "From - Tue Oct 19 03:54:17 2004\nX-Account-Key: account4\nX-Mozilla-Status: 0000\nX-Mozilla-Status2: 00000000\nReceived: from [83.213.190.244] ([83.213.190.244]:42512 \"HELO 62.232.161.102\"\n\tTLS-CIPHER: <none> TLS-PEER-CN1: <none>) by relay-1.netbauds.net\n\twith SMTP id S7654928AbUJOG3X (ORCPT\n\t<rfc822;darryl@darrylmiles.org>); Fri, 15 Oct 2004 07:29:23 +0100\nX-Message-Info:\t931WEC4HAAe9CBJ0lwlCihwZSH4DmjZCRCFdgdFSpSNBPJ7\nReceived: from signal8steroidmitochondria (D0.43.329.E6) by mail4273.dkhzcgchuscke@japan.co.jp (Bluewin AG 3.E.7D1)\n id 429A14CH625FXM8E26D for darryl@darrylmiles.org; Fri, 15 Oct 2004 05:24:04 -0200\nIllegal-Object:\tSyntax error in Message-ID: value found on relay-1.netbauds.net:\n\tMessage-ID:\t<D785EF15D37563E.71E5F@dkhzcgchuscke@japan.co.jp>\n\t\t\t\t\t\t\t\t ^-illegal end of message identification\nReply-To: \"Gregory Rivera\" <dkhzcgchuscke@japan.co.jp>\nFrom:\t\"Gregory Rivera\" <dkhzcgchuscke@japan.co.jp>\nTo:\t\"Darryl\" <darryl@darrylmiles.org>\nSubject: this stock is showing triple-digit earnings grow"..., 4096 <unfinished ...>
    [pid 6584] rt_sigprocmask(SIG_SETMASK, [RTMIN], <unfinished ...>
    [pid 6578] <... write resumed> ) = 4096
    [pid 6584] <... rt_sigprocmask resumed> NULL, 8) = 0
    [pid 6578] write(44, "ions in this featured profile are <=\nbr>\n based on sources believed to be reliable but no representation is made <=\nbr>\n to its accuracy or completeness. Past performance is not an indicator <b=\nr>\n of future results. This report is a paid profile for information purpose=\ns <br>\n only and should not be used as the basis for any investment decision. <b=\nr>\n The publisher has been compensated ten thousand dollars for the preparat=\nion \n <br>\n of this profile and for continuing coverage of the featured company. The=\n <br>\n publisher is not an investment advisor and this profile is not to be <br=\n>\n considered investment advice. This information is neither a solicitation=\n <br>\n to buy nor an offer to sell securities. Information herein contains futu=\nre-<br>\n looking statements that are subject to significant risks and uncertainti=\nes. \n <br>\n There are no shares presently held and no participation will occur in th=\ne <br>\n trading of shares in any profiled company.<br>\n</p>\n</body>\n</html>\n\n\n----0"..., 1043 <unfinished ...>
    [pid 6584] gettimeofday( <unfinished ...>
    [pid 6578] <... write resumed> ) = 1043
    [pid 6584] <... gettimeofday resumed> {1098154457, 202638}, NULL) = 0
    [pid 6578] fsync(44 <unfinished ...>
    [pid 6584] gettimeofday({1098154457, 202887}, NULL) = 0
    [pid 6584] gettimeofday({1098154457, 203139}, NULL) = 0
    [pid 6584] rt_sigprocmask(SIG_BLOCK, NULL, [RTMIN], 8) = 0
    [pid 6584] rt_sigprocmask(SIG_UNBLOCK, [RTMIN], [RTMIN], 8) = 0
    [pid 6584] gettimeofday({1098154457, 203514}, NULL) = 0
    [pid 6584] nanosleep({1, 778625000}, <unfinished ...>
    [pid 6578] <... fsync resumed> ) = 0
    [pid 6578] fsync(44) = 0
    [pid 6578] stat64("/data/home/darryl/.mozilla/default/zbnpfwy5.slt/Mail/mail.darrylmiles.org/Inbox.msf", {st_mode=S_IFREG|0664, st_size=191096, ...}) = 0
    [pid 6578] --- SIGSEGV (Segmentation fault) @ 0 (0) ---
    [pid 6578] unlink("/data/home/darryl/.mozilla/default/zbnpfwy5.slt/lock") = 0
    [pid 6578] rt_sigaction(SIGSEGV, NULL, {0x401004cc, ~[KILL STOP], SA_RESTORER, 0x4071dd48}, 8) = 0
    [pid 6578] times({tms_utime=2247, tms_stime=163, tms_cutime=1, tms_cstime=1}) = 6882100
    [ LOTS more stuff deleted below ]

Reproducible: Always

Steps to Reproduce:
1. Using Send/Recv mail on the POP3 account concerned.

Actual Results:
The mozilla process crashed. I disabled the debugging screen one time and can't find an option to re-enable it upon crash.

Expected Results:
Processed the email without crashing.

I have no core file, it won't generate one even though ulimit -c is set. Maybe the chdir() value is not where I started it up?
reporter: please don't paste straces unless asked, they are not stack traces and have nothing to do with stack traces.

if talkback pops up, please run components/talkback to find a talkback incident id for your crash.

if you can't get talkback happy and can build, make a build with --enable-debug then run
    ./mozilla -g -d gdb
at the gdb prompt, type |run|
when you crash, type |where|
copy the output of where to the bug.
Comment 2 (Reporter) • 20 years ago

Sorry for the strace output, but "./mozilla -g -d gdb" isn't an obvious choice for me :)

    (Gecko:14962): GLib-GObject-WARNING **: gsignal.c:1893: signal `select_all' is invalid for instance `0x84a49b8'
    Program received signal SIGSEGV, Segmentation fault.
    [Switching to Thread 16384 (LWP 14962)]
    0x40099c88 in PL_HashString () from ./libplds4.so
    (gdb) where
    #0 0x40099c88 in PL_HashString () from ./libplds4.so
    #1 0xbfffef58 in ?? ()
    #2 0x40099ac6 in PL_HashTableLookup () from ./libplds4.so
    #3 0x425c5b31 in NSGetModule () from /usr/local/mozilla/components/liblocalmail.so
    #4 0x425c6b9c in NSGetModule () from /usr/local/mozilla/components/liblocalmail.so
    #5 0x41c6c64e in nsMsgProtocol::OnDataAvailable(nsIRequest*, nsISupports*, nsIInputStream*, unsigned, unsigned) () from /usr/local/mozilla/libmsgbaseutil.so
    #6 0x40d5627e in NSGetModule () from /usr/local/mozilla/components/libnecko.so
    #7 0x40d55fff in NSGetModule () from /usr/local/mozilla/components/libnecko.so
    #8 0x40c297f1 in nsInputStreamReadyEvent::EventHandler(PLEvent*) () from /usr/local/mozilla/libxpcom.so
    #9 0x40c3eec7 in PL_HandleEvent () from /usr/local/mozilla/libxpcom.so
    #10 0x40c3edf4 in PL_ProcessPendingEvents () from /usr/local/mozilla/libxpcom.so
    #11 0x40c409a9 in nsEventQueueImpl::NotifyObservers(char const*) () from /usr/local/mozilla/libxpcom.so
    #12 0x415155c5 in _IcePaAuthDataEntries () from /usr/local/mozilla/components/libwidget_gtk2.so
    #13 0x40514ddf in g_vsnprintf () from /usr/lib/libglib-2.0.so.0
    #14 0x404f3b35 in g_get_current_time () from /usr/lib/libglib-2.0.so.0
    #15 0x404f4b78 in g_main_context_dispatch () from /usr/lib/libglib-2.0.so.0
    #16 0x404f4e8d in g_main_context_dispatch () from /usr/lib/libglib-2.0.so.0
    #17 0x404f558f in g_main_loop_run () from /usr/lib/libglib-2.0.so.0
    #18 0x4021bf5f in gtk_main () from /usr/lib/libgtk-x11-2.0.so.0
    #19 0x415159e6 in _IcePaAuthDataEntries () from /usr/local/mozilla/components/libwidget_gtk2.so
    #20 0x4145f304 in fullsoft_copyright () from /usr/local/mozilla/components/libnsappshell.so
    #21 0x0804d553 in strcpy ()
    #22 0x0804dfc9 in strcpy ()
    #23 0x4070c5cd in __libc_start_main () from /lib/libc.so.6
    (gdb)
Comment 3 (Reporter) • 20 years ago

Finally pulled the CVS and built MOZILLA_1_8a4_RELEASE with debugging.

Another important factor to inform you, is that my POP3 server does not support UIDL command. While this command is widespread it's not mandatory, I do NOT leave my mail on the server, I always collect and delete at every session. I would expect any POP3 client to either not support de-duplication of messages from POP3 mailboxes or to have its own implemented scheme to be able to assign a unique ID based on some fixed Header information From, Date and maybe an MD5 hash of the msg body.

These messages in question are in my mailbox and DO NOT have a Message-ID header since the Message-ID header was removed by my MTA due to SPAMMERs using malformed double @ signs in them.

I certainly wouldn't expect any client to crash from seeing any invalid data or missing headers, some fallback action should be taken, maybe mozilla itself assign its own message ID to it.

NB: The diskspace calculation is wrong or at least displayed incorrectly, I presume this is a 64bit kernel and userspace value by now.

Let me know if there is anything else I can do, I can provide you with a POP3 server account, without UIDL support, with a broken message on it.

From my '-g -t gdb' session:

    Begin mail message delivery.
    GetDiskSpaceAvailable returned: -1624317952 bytes
    Incorporate message begin:
    Incorporate message complete.

    Program received signal SIGSEGV, Segmentation fault.
    [Switching to Thread 16384 (LWP 3327)]
    0x400d00c2 in PL_HashString (key=0x0) at plhash.c:526
    526 for (s = (const PRUint8*)key; *s; s++)
    Current language: auto; currently c
    (gdb) bt
    #0 0x400d00c2 in PL_HashString (key=0x0) at plhash.c:526
    #1 0x400cfed3 in PL_HashTableLookup (ht=0x8970128, key=0x0) at plhash.c:390
    #2 0x43038b8c in nsPop3Protocol::RetrResponse(nsIInputStream*, unsigned) ( this=0x8b2f540, inputStream=0x88a2e44, length=444) at nsPop3Protocol.cpp:3058
    #3 0x4303a060 in nsPop3Protocol::ProcessProtocolState(nsIURI*, nsIInputStream*, unsigned, unsigned) (this=0x8b2f540, url=0x8b092ac, aInputStream=0x88a2e44, sourceOffset=18088, aLength=444) at nsPop3Protocol.cpp:3613
    #4 0x4239c019 in nsMsgProtocol::OnDataAvailable(nsIRequest*, nsISupports*, nsIInputStream*, unsigned, unsigned) (this=0x8b2f540, request=0x8b32070, ctxt=0x8b092ac, inStr=0x88a2e44, sourceOffset=18088, count=444) at nsMsgProtocol.cpp:325
    #5 0x40d85e5c in nsInputStreamPump::OnStateTransfer() (this=0x8b32070) at nsInputStreamPump.cpp:435
    #6 0x40d85a04 in nsInputStreamPump::OnInputStreamReady(nsIAsyncInputStream*) ( this=0x8b32070, stream=0x88a2e44) at nsInputStreamPump.cpp:338
    #7 0x40a88d11 in nsInputStreamReadyEvent::EventHandler(PLEvent*) ( plevent=0x876e474) at nsStreamUtils.cpp:118
    #8 0x40aae148 in PL_HandleEvent (self=0x876e474) at plevent.c:692
    #9 0x40aadfe9 in PL_ProcessPendingEvents (self=0x8175350) at plevent.c:627
    #10 0x40ab13a8 in nsEventQueueImpl::ProcessPendingEvents() (this=0x8175318) at nsEventQueue.cpp:391
    #11 0x419ee8b8 in event_processor_callback (data=0x8175318, source=6, condition=GDK_INPUT_READ) at nsAppShell.cpp:189
    #12 0x419ee221 in our_gdk_io_invoke (source=0x42200f20, condition=G_IO_IN, data=0x422012e0) at nsAppShell.cpp:74
    #13 0x4031f0a6 in g_io_add_watch () from /usr/lib/libglib-1.2.so.0
    #14 0x403209ae in g_get_current_time () from /usr/lib/libglib-1.2.so.0
    #15 0x40320e89 in g_get_current_time () from /usr/lib/libglib-1.2.so.0
    #16 0x40321124 in g_main_run () from /usr/lib/libglib-1.2.so.0
    #17 0x4022c27f in gtk_main () from /usr/lib/libgtk-1.2.so.0
    #18 0x419eed20 in nsAppShell::Run() (this=0x81af450) at nsAppShell.cpp:320
    #19 0x419a2ef9 in nsAppShellService::Run() (this=0x81af1c8) at nsAppShellService.cpp:488
    #20 0x08064719 in main1 (argc=1, argv=0xbffff794, nativeApp=0x8151d68) at nsAppRunner.cpp:1321
    #21 0x0806554c in main (argc=1, argv=0xbffff794) at nsAppRunner.cpp:1799
    #22 0x4051c5cd in __libc_start_main () from /lib/libc.so.6
    (gdb) frame
    #2 0x43038b8c in nsPop3Protocol::RetrResponse(nsIInputStream*, unsigned) ( this=0x8b2f540, inputStream=0x88a2e44, length=444) at nsPop3Protocol.cpp:3058
    3058 uidlEntry = (Pop3UidlEntry *)PL_HashTableLookup(m_pop3ConData->newuidl, info->uidl);
    (gdb) p info->uidl
    $2 = 0x0
    (gdb) p m_pop3ConData->newuidl
    $3 = (PLHashTable *) 0x8970128
    (gdb) p info->uidl
    $4 = 0x0
thank you very much, this is easily fixed based on the stack trace. if you'd like to follow along, the basic problem is that hash keys are supposed to be non null. i've marked in the url field all of the places in this file which don't seem to check for that constraint before calling PL_HashTableLookup. You can compare those call sites to the unmarked ones, which do null check the key param before performing that op. someone should post a patch within 2 days, if no one does, please bug me on irc.
Status: UNCONFIRMED → NEW
Ever confirmed: true
Keywords: crash
Summary: Crash over message without Message-ID header when collecting with POP3 → Crash over message without Message-ID header when collecting with POP3 [@ PL_HashString]
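The constraint described in the comment above (hash keys must be non-null, so each call site has to check before looking up), as an added example that is not Mozilla's code or the patch attached to this bug. hash_string has the same shape as the loop quoted from plhash.c:526; the table, the entry layout and the function names are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NBUCKETS 16
/* Constructed stand-ins for the UIDL table; not the Mozilla/NSPR types. */
struct entry { const char *uidl; int status; struct entry *next; };
struct table { struct entry *bucket[NBUCKETS]; };

/* Same shape as the loop quoted from plhash.c:526: it reads *key at once,
 * so a NULL key faults here, before any entry is compared. */
static uint32_t hash_string(const char *key)
{
    uint32_t h = 0;
    for (const uint8_t *s = (const uint8_t *)key; *s; s++)
        h = ((h << 4) | (h >> 28)) ^ *s;
    return h;
}

void table_add(struct table *t, struct entry *e)
{
    if (e->uidl == NULL) return;          /* never store a keyless entry */
    uint32_t i = hash_string(e->uidl) % NBUCKETS;
    e->next = t->bucket[i];
    t->bucket[i] = e;
}

/* Guarded lookup: a message without a UIDL (key == NULL) is "not found"
 * rather than an argument to hash_string(). */
struct entry *table_lookup(const struct table *t, const char *key)
{
    if (t == NULL || key == NULL) return NULL;
    for (struct entry *e = t->bucket[hash_string(key) % NBUCKETS]; e; e = e->next)
        if (strcmp(e->uidl, key) == 0) return e;
    return NULL;
}

int main(void)
{
    struct table t = {0};
    struct entry seen = { "constructed-uidl-0001", 1, NULL };
    table_add(&t, &seen);
    /* info->uidl was 0x0 in the gdb session; model that with NULL. */
    printf("known=%p null-key=%p\n", (void *)table_lookup(&t, seen.uidl),
           (void *)table_lookup(&t, NULL));
    return 0;
}
```

Placing the check inside the lookup wrapper covers every call site at once; checking at each call site instead lets the caller choose a different fallback per path.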
Comment 5 (Assignee) • 20 years ago

Comment 6 (Assignee) • 20 years ago

Comment 7 (Assignee) • 20 years ago

Comment on attachment 165453: Patch (diff -uwp 11)

Note: If you want to review my whitespace changes, too, take a look at Attachment 165452
Attachment #165453 - Flags: superreview?(dmose)
Attachment #165453 - Flags: review?(bienvenu)
Updated • 20 years ago
Attachment #165453 - Flags: review?(bienvenu) → review+

Comment 8 • 20 years ago

Comment on attachment 165453: Patch (diff -uwp 11)

sr=dmose
Attachment #165453 - Flags: superreview?(dmose) → superreview+
mozilla/mailnews/local/src/nsPop3Protocol.cpp 1.233
Assignee: sspitzer → bugzilla
Comment 10 (Assignee) • 20 years ago

fixed per previous comment
Status: NEW → RESOLVED
Closed: 20 years ago
Resolution: --- → FIXED
Comment 11 (Reporter) • 20 years ago

I have checked out the HEAD and rebuilt and downloaded a message that crashed stock 1.8a4 only 10 minutes ago. The HEAD version does not crash with your patches, many thanks for the fix.
Updated • 20 years ago
Product: MailNews → Core
Updated • 15 years ago
Product: Core → MailNews Core
Updated • 13 years ago
Crash Signature: [@ PL_HashString]