Accessing IMAP folders cause the browser crash.

VERIFIED FIXED

Status

MailNews Core
Networking: IMAP
--
critical
VERIFIED FIXED
17 years ago
10 years ago

People

(Reporter: Shanmugavelu Shanmuganathan (gone), Assigned: Scott MacGregor)

Tracking

({64bit})

Trunk
DEC
OSF/1
64bit

Firefox Tracking Flags

(Not tracked)

Details

Attachments

(2 attachments)

(Reporter)

Description

17 years ago
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; OSF1 alpha; en-US; rv:0.9.4) Gecko/20010918
Netscape6/6.2
BuildID:    20010921

Mozilla crashes while clicking the INBOX of IMAP folder.
The first time when I clicked the  INBOX everything worked fine.
I was able to read the mails.  After clicking other folders such as
Sent or Trash, if I click the INBOX folder again the browser crashes.
The crash happens at various places of the code. But every time it 
crashes while trying to malloc. Looks likes the memory database is corrupted
very badly.
 
Here is an instance of the stack trace.

 (ladebug) t
>0  0x3ff805c13f8 in __nxm_thread_kill(0x3ffc01b1530, 0xb, 0x1, 0x3, 0x0, 0x0)
in /usr/shlib/libpthread.so
#1  0x3ff805b0c14 in pthread_kill(0x3ffc01b1530, 0xb, 0x1, 0x3, 0x0, 0x0) in
/usr/shlib/libpthread.so
#2  0x3ff805c45b4 in UnknownProcedure3FromFile113(0x3ffc01b1530, 0xb, 0x1, 0x3,
0x0, 0x0) in /usr/shlib/libpthread.so
#3  0x3ff807f373c in UnknownProcedure15FromFile1(0x3ffc01b1530, 0xb, 0x1, 0x3,
0x0, 0x0) in /usr/shlib/libexc.so
#4  0x3ff807f383c in exc_unwind(0x3ffc01b1530, 0xb, 0x1, 0x3, 0x0, 0x0) in
/usr/shlib/libexc.so
#5  0x3ff807f3b2c in exc_raise_signal_exception(0x3ffc01b1530, 0xb, 0x1, 0x3,
0x0, 0x0) in /usr/shlib/libexc.so
#6  0x3ff805b2580 in UnknownProcedure8FromFile14(0x3ffc01b1530, 0xb, 0x1, 0x3,
0x0, 0x0) in /usr/shlib/libpthread.so
#7  0x3ff800d01f0 in __sigtramp(0x3ffc01b1530, 0xb, 0x1, 0x3, 0x0, 0x0) in
/usr/shlib/libc.so
#8  0x3ff801b8838 in UnknownProcedure0FromFile24(0x3ffc0087500, 0x0, 0x100000,
0x75, 0x0, 0x0) in /usr/shlib/libc.so
#9  0x3ff800cd08c in malloc(0x3ffc0087500, 0x0, 0x100000, 0x75, 0x0, 0x0) in
/usr/shlib/libc.so
#10 0x30001021960 in PR_Malloc(size=96) "prmem.c":54
#11 0x3000482f158 in ((nsUInt32Array*)0x11fffb930)->SetSize(nSize=17,
adjustGrowth=1048576, nGrowBy=117) "nsUInt32Array.cpp":112
#12 0x3000482fa34 in ((nsUInt32Array*)0x11fffb930)->SetAtGrow(nIndex=16,
newElement=23) "nsUInt32Array.cpp":254
#13 0x3000482f434 in ((nsUInt32Array*)0x3ffc0087500)->Add(newElement=1048576)
"nsUInt32Array.cpp":168
#14 0x300049b701c in
((nsImapMailFolder*)0x141463e80)->FindKeysToAdd(existingKeys=const class { ...
}, keysToFetch=class { ... }, flagState=0x141972360) "nsImapMailFolder.cpp":3104
#15 0x300049b29f4 in
((nsImapMailFolder*)0x141463e80)->UpdateImapMailboxInfo(aProtocol=0x141996800,
aSpec=0x141ac4380) "nsImapMailFolder.cpp":2290
#16 0x3ffbff2782c in XPTC_InvokeByIndex() "xptcinvoke_asm_osf1_alpha.s":73
#17 0x3ffbfef5e48 in EventHandler(self=0x3ffc0087500) "nsProxyEvent.cpp":506
#18 0x3ffbfee5788 in PL_HandleEvent(self=0x141a0fc40) "plevent.c":590
#19 0x3ffbfee5564 in PL_ProcessPendingEvents(self=0x14015e360) "plevent.c":520
#20 0x3ffbfee9a10 in ((nsEventQueueImpl*)0x1400e7990)->ProcessPendingEvents()
"nsEventQueue.cpp":374
#21 0x3ffbf1bba64 in event_processor_callback(data=0x3ffc0087500, source=<no
value>, condition=<no value>) "nsAppShell.cpp":169
#22 0x3ffbf1bb3dc in our_gdk_io_invoke(source=0x3ffc0087500, condition=<no
value>, data=0x100000) "nsAppShell.cpp":61
#23 0x30003014750 in g_io_unix_dispatch(source_data=0x14036c6d0,
current_time=0x11fffbbd8, user_data=0x1402032c0) "giounix.c":135
#24 0x30003016a28 in g_main_dispatch(current_time=0x11fffbbd8) "gmain.c":656
#25 0x300030172ec in g_main_iterate(block=1, dispatch=1) "gmain.c":874
#26 0x300030174f4 in g_main_run(loop=0x14036f040) "gmain.c":932
#27 0x300018dd688 in gtk_main() "gtkmain.c":476
#28 0x3ffbf1bc374 in ((nsAppShell*)0x14019c480)->Run() "nsAppShell.cpp":349
#29 0x3ffbe14298c in ((nsAppShellService*)0x3ffc0087500)->Run()
"nsAppShellService.cpp":452
#30 0x120013a7c in main1(argc=0, argv=0x3ffff9c2208, nativeApp=0x140176d00)
"nsAppRunner.cpp":1272
#31 0x120014934 in main(argc=2, argv=0x11fffc018) "nsAppRunner.cpp":1594
#32 0x120007e38 in __start(0x3ffc0087500, 0x0, 0x100000, 0x75, 0x0, 0x0) in
./mozilla-bin


Reproducible: Always
Steps to Reproduce:
1.Click Tasks -> Mail and Newsgroups
2.Click on the IMAP folders.
3.

Actual Results:  Browser crashes.

Expected Results:  It sgould have displayed the mails in that folder.

I am not sure if this is a 64 bit problem.

Comment 1

17 years ago
OSF/1? Isn't that a 64 bit machine? Oh, yes, so it is. Has this ever worked on
that OS/machine, first of all? I would guess some sort of memory corruption, but
I think that would be hard to find without debugging on the actual machine. Do
local folders and newsgroups work?
(Reporter)

Comment 2

17 years ago
This never worked on a Tru64 UNIX. In fact this bug was hiding.
In other worrds there was another bug that caused the browser crash 
as soon as the password is entered. This was fixed recenly(bug # 95838) and
now this bug is exposed.  
The local folders and newsgroups work perfect. 

Updated

17 years ago
Keywords: 64bit

Comment 3

17 years ago
Marking NEW.
Status: UNCONFIRMED → NEW
Ever confirmed: true
(Reporter)

Comment 4

17 years ago
Created attachment 51287 [details]
Imap protocol transaction message.
(Reporter)

Comment 5

17 years ago
Created attachment 55085 [details] [diff] [review]
Fix that passes the right sized data to get sorted.
(Reporter)

Comment 6

17 years ago
The reason for the crash is that the wrong size
of the data being passed to QuickSort algorithm to sort
an array of unsigned integers. The caller to this function
was passing the sizeof(void *), while the intent was
to send the size of PRUint32. it was sorting twice
as many bits than were actually allocated in the array.
Thus it stored into areas that it did not own, and 
since these areas were memory on the free list, the both data
values sorted and the data locations corrupted were random
The attached patch (above) solves this problem on a Tru64 UNIX.
Can I get a review for this fix.

Comment 7

17 years ago
Comment on attachment 55085 [details] [diff] [review]
Fix that passes the right sized data to get sorted.

looks good, r=bienvenu
Attachment #55085 - Flags: review+
(Reporter)

Comment 8

17 years ago
Can I get Super review for this please.
Also I don't have access to submit the fixes into mozilla.
May I request some one from this list to submit this fix.

Comment 9

17 years ago
Seth will sr it, and I'll check it in.
Comment on attachment 55085 [details] [diff] [review]
Fix that passes the right sized data to get sorted.

sr=sspitzer
Attachment #55085 - Flags: superreview+

Comment 11

16 years ago
the patch was checked in... is this bug not fixed?

Comment 12

16 years ago
sorry, marking fixed.
Status: NEW → RESOLVED
Last Resolved: 16 years ago
Resolution: --- → FIXED
QA Contact: huang → stephend
shanmu@netscape.com, can you verify this since I don't have a DEC Alpha platform
handy?  Thanks.
(Reporter)

Comment 14

16 years ago
Verified fixed.
Thanks, I'll mark it.
Status: RESOLVED → VERIFIED
Product: MailNews → Core
Product: Core → MailNews Core
You need to log in before you can comment on or make changes to this bug.