Closed Bug 106650 Opened 23 years ago Closed 23 years ago

Crash viewing some mails - Trunk [@ MimeInlineText_open_dam] [@ nsUnicodeDecodeHelper::ConvertByFastTable]

Categories

(MailNews Core :: MIME, defect)

x86
Linux
defect
Not set
critical

Tracking

(Not tracked)

VERIFIED FIXED

People

(Reporter: 2009-bugzilla, Assigned: shanjian)

Details

(Keywords: crash, topcrash, Whiteboard: wait for sr)

Attachments

(4 files, 1 obsolete file)

1. Use 2001101202. Open MailNews
2. Click on a mail
3. XXX Damage rectangle (36,7398,18235,5077) does not intersect the widget's view (0,0,18234,5072)!
Program received signal SIGABRT, Aborted.
[Switching to Thread 1024 (LWP 8012)]
0x405e79f1 in __kill () from /lib/libc.so.6
Current language: auto; currently c
(gdb) bt
#0 0x405e79f1 in __kill () from /lib/libc.so.6
#1 0x40323dbe in pthread_kill (thread=1024, signo=6) at signals.c:65
#2 0x4032428d in raise (sig=6) at signals.c:232
#3 0x405e8e31 in abort () at ../sysdeps/generic/abort.c:88
#4 0x406f0248 in __terminate () from /usr/lib/libstdc++-libc6.2-2.so.3
#5 0x406f0265 in __terminate () from /usr/lib/libstdc++-libc6.2-2.so.3
#6 0x406f0c60 in __unwinding_cleanup () from /usr/lib/libstdc++-libc6.2-2.so.3
#7 0x406f0e15 in __throw () from /usr/lib/libstdc++-libc6.2-2.so.3
#8 0x406f29f6 in __builtin_vec_new () from /usr/lib/libstdc++-libc6.2-2.so.3
#9 0x42739aac in MimeCharsetConverterClass::Convert (this=0xbfffec70, inBuffer=0x406c4fd8 "ÐOl@ÐOl@ØOl@ØOl@àOl@àOl@èOl@èOl@ðOl@ðOl@øOl@øOl@", inLength=-933244208, outBuffer=0xbfffecf4, outLength=0xbfffecf0, numUnConverted=0x0) at comi18n.cpp:1488
#10 0x42739fad in MIME_ConvertCharset (autoDetection=0, from_charset=0x88413a0 "x-vcard", to_charset=0x4276ad5c "UTF-8", inBuffer=0x406c4fd8 "ÐOl@ÐOl@ØOl@ØOl@àOl@àOl@èOl@èOl@ðOl@ðOl@øOl@øOl@", inLength=-933244208, outBuffer=0xbfffecf4, outLength=0xbfffecf0, numUnConverted=0x0) at comi18n.cpp:1591
#11 0x42732cbf in mime_convert_charset (input_autodetect=0, input_line=0x406c4fd8 "ÐOl@ÐOl@ØOl@ØOl@àOl@àOl@èOl@èOl@ðOl@ðOl@øOl@øOl@", input_length=-933244208, input_charset=0x88413a0 "x-vcard", output_charset=0x42765199 "UTF-8", output_ret=0xbfffed64, output_size_ret=0xbfffed60, stream_closure=0x8ccb488, decoder=0x0, encoder=0x88f80b0) at mimemoz2.cpp:760
#12 0x4272b366 in MimeInlineText_convert_and_parse_line (line=0x406c4fd8 "ÐOl@ÐOl@ØOl@ØOl@àOl@àOl@èOl@èOl@ðOl@ðOl@øOl@øOl@", length=-933244208, obj=0x8c2cc40) at mimetext.cpp:362
#13 0x4272b562 in MimeInlineText_open_dam (obj=0x8c2cc40) at mimetext.cpp:416
#14 0x4272b72d in MimeInlineText_rotate_convert_and_parse_line (line=0x8ce47b8 "<!DOCTYPE HTML PUBLIC -//W3C//DTD HTML 4.0 Transitional//EN><html><head><title>InternetSeer : Weekly Report</title><style><!-- .nav {font-size:10pt; color:#0000ff; font-family:arial, helvetica;} .nav:"..., length=12471, obj=0x8c2cc40) at mimetext.cpp:467
#15 0x42730d64 in convert_and_send_buffer (buf=0x8ce47b8 "<!DOCTYPE HTML PUBLIC -//W3C//DTD HTML 4.0 Transitional//EN><html><head><title>InternetSeer : Weekly Report</title><style><!-- .nav {font-size:10pt; color:#0000ff; font-family:arial, helvetica;} .nav:"..., length=12471, convert_newlines_p=1, per_line_fn=0x4272b5b8 <MimeInlineText_rotate_convert_and_parse_line(char *, int, MimeObject *)>, closure=0x8c2cc40) at mimebuf.cpp:168
#16 0x42730fb3 in mime_LineBuffer (net_buffer=0x8cd7fb0 "<!DOCTYPE HTML PUBLIC -//W3C//DTD HTML 4.0 Transitional//EN><html><head><title>InternetSeer : Weekly Report</title><style><!-- .nav {font-size:10pt; color:#0000ff; font-family:arial, helvetica;} .nav:"..., net_buffer_size=19441, bufferP=0x8c2cc68, buffer_sizeP=0x8c2cc70, buffer_fpP=0x8c2cc78, convert_newlines_p=1, per_line_fn=0x4272b5b8 <MimeInlineText_rotate_convert_and_parse_line(char *, int, MimeObject *)>, closure=0x8c2cc40) at mimebuf.cpp:255
#17 0x4272b041 in MimeInlineText_parse_decoded_buffer (buf=0x8cd7fb0 "<!DOCTYPE HTML PUBLIC -//W3C//DTD HTML 4.0 Transitional//EN><html><head><title>InternetSeer : Weekly Report</title><style><!-- .nav {font-size:10pt; color:#0000ff; font-family:arial, helvetica;} .nav:"..., size=19441, obj=0x8c2cc40) at mimetext.cpp:302
#18 0x42719893 in mime_decode_qp_buffer (data=0x8ba2db0, buffer=0x8cd7fb0 "<!DOCTYPE HTML PUBLIC -//W3C//DTD HTML 4.0 Transitional//EN><html><head><title>InternetSeer : Weekly Report</title><style><!-- .nav {font-size:10pt; color:#0000ff; font-family:arial, helvetica;} .nav:"..., length=0) at mimeenc.cpp:192
#19 0x4271a5b4 in MimeDecoderWrite (data=0x8ba2db0, buffer=0x8cd7fb0 "<!DOCTYPE HTML PUBLIC -//W3C//DTD HTML 4.0 Transitional//EN><html><head><title>InternetSeer : Weekly Report</title><style><!-- .nav {font-size:10pt; color:#0000ff; font-family:arial, helvetica;} .nav:"..., size=21245) at mimeenc.cpp:615
#20 0x427216a6 in MimeLeaf_parse_buffer (buffer=0x8cd7fb0 "<!DOCTYPE HTML PUBLIC -//W3C//DTD HTML 4.0 Transitional//EN><html><head><title>InternetSeer : Weekly Report</title><style><!-- .nav {font-size:10pt; color:#0000ff; font-family:arial, helvetica;} .nav:"..., size=21245, obj=0x8c2cc40) at mimeleaf.cpp:165
#21 0x42729b72 in MimePartBufferRead (data=0x8b703b0, read_fn=0x42721608 <MimeLeaf_parse_buffer(char *, int, MimeObject *)>, closure=0x8c2cc40) at mimepbuf.cpp:284
#22 0x42721f6c in MimeMultipartAlternative_display_cached_part (obj=0x8c3b180) at mimemalt.cpp:323
#23 0x42721a1b in MimeMultipartAlternative_parse_eof (obj=0x8c3b180, abort_p=0) at mimemalt.cpp:131
#24 0x427178aa in MimeContainer_parse_eof (object=0x8ccb6b8, abort_p=0) at mimecont.cpp:141
#25 0x42725576 in MimeMessage_parse_eof (obj=0x8ccb6b8, abort_p=0) at mimemsg.cpp:541
#26 0x4273306c in mime_display_stream_complete (stream=0x8ccb738) at mimemoz2.cpp:872
#27 0x427417a8 in nsStreamConverter::OnStopRequest (this=0x8ccac50, request=0x8cbee50, ctxt=0x0, status=0) at nsStreamConverter.cpp:1027
#28 0x40cec480 in nsDocumentOpenInfo::OnStopRequest (this=0x8b70db8, request=0x8cbee50, aCtxt=0x0, aStatus=0) at nsURILoader.cpp:271
#29 0x40bd7989 in nsStreamListenerTee::OnStopRequest (this=0x8cbcd18, request=0x8cbee50, context=0x0, status=0) at nsStreamListenerTee.cpp:24
#30 0x40ba74c0 in nsOnStopRequestEvent0::HandleEvent (this=0x8c73ed0) at nsAsyncStreamListener.cpp:319
#31 0x40ba6a5c in nsStreamListenerEvent0::HandlePLEvent (aEvent=0x8c73edc) at nsAsyncStreamListener.cpp:113
#32 0x401e1cc4 in PL_HandleEvent (self=0x8c73edc) at plevent.c:590
#33 0x401e1ab0 in PL_ProcessPendingEvents (self=0x8095ca0) at plevent.c:520
#34 0x401e3edc in nsEventQueueImpl::ProcessPendingEvents (this=0x806c5a8) at nsEventQueue.cpp:388
#35 0x40d6f343 in event_processor_callback (data=0x806c5a8, source=6, condition=GDK_INPUT_READ) at nsAppShell.cpp:184
#36 0x40d6eef5 in our_gdk_io_invoke (source=0x831fae8, condition=G_IO_IN, data=0x831fad8) at nsAppShell.cpp:77
#37 0x4049cc40 in g_io_add_watch () from /opt/gnome/lib/libglib-1.2.so.0
#38 0x4049e308 in g_get_current_time () from /opt/gnome/lib/libglib-1.2.so.0
#39 0x4049e913 in g_get_current_time () from /opt/gnome/lib/libglib-1.2.so.0
#40 0x4049eaac in g_main_run () from /opt/gnome/lib/libglib-1.2.so.0
#41 0x403c17e7 in gtk_main () from /opt/gnome/lib/libgtk-1.2.so.0
#42 0x40d6fa55 in nsAppShell::Run (this=0x8113748) at nsAppShell.cpp:364
#43 0x4093c582 in nsAppShellService::Run (this=0x8125b28) at nsAppShellService.cpp:302
#44 0x080593fa in main1 (argc=1, argv=0xbffff774, nativeApp=0x0) at nsAppRunner.cpp:1285
#45 0x0805a253 in main (argc=1, argv=0xbffff774) at nsAppRunner.cpp:1607
#46 0x405d82eb in __libc_start_main (main=0x805a038 <main>, argc=1, ubp_av=0xbffff774, init=0x8053c78 <_init>, fini=0x8064f40 <_fini>, rtld_fini=0x4000c130 <_dl_fini>, stack_end=0xbffff76c) at ../sysdeps/generic/libc-start.c:129
It's a regression. Worked with 0.9.5 and it worked when I received the mail on October 10th.
Keywords: crash
If you right-click the folder the mail is in, and open preferences for it: Which character set does the folder have? Is charset missing? If it seems to be set wrongly: Does setting it to iso8859-1 change anything?
It is set to Western ISO 8859-1 and checking "Apply default..." doesn't change anything. 2001102503 crashes, too =)
Looking at
#20 0x427216a6 in MimeLeaf_parse_buffer (buffer=0x8cd7fb0 "<!DOCTYPE HTML PUBLIC -//W3C//DTD HTML 4.0 Transitional//EN><html><head><title>InternetSeer : Weekly Report</title><style><!-- .nav {font-size:10pt; color:#0000ff; font-family:arial, helvetica;} .nav:"..., **size=21245**
it seems that the whole page is being interpreted in 1 line. Maybe that's why only a few mails are affected by this regression.
.
Assignee: mscott → ducarroz
Component: Mail Back End → MIME
Not sure it's the same, but here's my stack:
Incident ID: 37191921
Stack Signature: MimeInlineText_open_dam() bea68deb
Bug ID:
Trigger Time: 2001-10-25 15:19:46
Email Address: stephend@netscape.com
URL visited:
User Comments: Crashed viewing an IMAP message.
Build ID: 2001102514
Product ID: MozillaTrunk
Platform ID: LinuxIntel
Trigger Reason: SIGSEGV: Segmentation Fault: (signal 11)
Stack Trace:
MimeInlineText_open_dam()
MimeInlineText_parse_eof()
MimeInlineTextPlain_parse_eof()
MimeContainer_parse_eof()
MimeContainer_parse_eof()
MimeMessage_parse_eof()
mime_display_stream_complete()
nsStreamConverter::OnStopRequest()
nsDocumentOpenInfo::OnStopRequest()
nsStreamListenerTee::OnStopRequest()
nsOnStopRequestEvent0::HandleEvent()
nsStreamListenerEvent0::HandlePLEvent()
PL_HandleEvent()
PL_ProcessPendingEvents()
nsEventQueueImpl::ProcessPendingEvents()
event_processor_callback()
our_gdk_io_invoke()
libglib-1.2.so.0 + 0xea7a (0x40372a7a)
libglib-1.2.so.0 + 0x10055 (0x40374055)
libglib-1.2.so.0 + 0x10659 (0x40374659)
libglib-1.2.so.0 + 0x107e8 (0x403747e8)
libgtk-1.2.so.0 + 0x9165b (0x4028865b)
nsAppShell::Run()
nsAppShellService::Run()
main1()
main()
libc.so.6 + 0x1c306 (0x404bb306)
MimeInlineText_open_dam() is something that the i18n folks recently landed / touched. For QA, I think you'd need autoconvert turned on to see this. This should go to shanjian@netscape.com
Assignee: ducarroz → shanjian
I am having a crash on some mails, but my stack sure looks different (and far more interesting) in my opinion, on Linux build 2001102606. Happens on bugzilla mail, and one specific html mail I have. If I open a regular mail, then bugzilla mail won't crash. Stack follows. I hope my stack is not related to bug 106646
Attached file Gdb backtrace
I still have gdb running with the crashed mozilla in it. If anyone wants me to print some commands then contact me at my mail address.
I have a guess of what caused the problem by looking at the stack. I am looking into the problem now. Could somebody send me a problematic email to my mail box? (shanjian@netscape.com). Thanks.
Status: NEW → ASSIGNED
The problem is how do I send that mail to you since I crash when accessing it... I guess I will download an old build to send it to you. Remember that I am having 2 problems:
- Bugzilla mail crashes if I select them before selecting other working mails
- Specific types of mails, I have one html mail.
Wait like 15 minutes and I should send it to you
Although it's not crashing, I see something wrong viewing bugzilla mail which has no charset label. mime_convert_charset is called with 'nsIUnicodeDecoder *decoder' as NULL and 'char *input_charset' as garbage.
In MimeInlineText_convert_and_parse_line, text->charset is already garbage, so getting the decoder is failing.
MIME_detect_charset() does not set 'aCharset' when no auto detect module is set. The following code uses the uninitialized pointer for the charset.
*** Bug 106970 has been marked as a duplicate of this bug. ***
Attached patch proposed patch (obsolete)
I am still testing, the attached patch might still need further change.
I tried the patch with the attached data (which was crashing before the patch). No crash after the patch. Also, the charset is now set correctly so it uses the cached decoder instead of going to the slow fallback.
Is there any reason why src/mimetext.cpp @@ -51,7 +51,7 @@ static int MimeInlineText_parse_decoded_buffer (char *, PRInt32, MimeObject *); static int MimeInlineText_rotate_convert_and_parse_line(char *, PRInt32, MimeObject *); this should stay ? (in two lines and 14 tabs)
Applied the patch to my tree, and successfully sent an email and viewed the previously problematic email message. However, there is one problem with the patch. This assertion is fired on every message I read, which *could* mean something bad is happening. I'll let you be the judge; I know MIME is a very crucial area so small regressions are very bad. Here goes:
###!!! ASSERTION: zero length: 'length > 0', file C:\mozilla\moz\mozilla\mozilla\mailnews\mime\src\mimetpla.cpp, line 310
On every message I read. Otherwise, the patch works fine.
Attached patch updated patch
Attachment #55269 - Attachment is obsolete: true
Summary of changes:
1, In "MimeInlineText_open_dam", we need to take care of the situation when Dam buffer is empty.
2, In comi18n.cpp, function MIME_detect_charset, aCharset will be set to null if detector does not detect anything.
3, If we could not get detectorname successfully (which means user does not select auto-detect), we skip all those buffering process. In order to do this, I need to add a variable "text->charsetOverridable" if charset comes from either defaultCharset or autodetection. In those situations, the charset should be overridden if html contains meta charset specification. This makes "text->defaultCharset" unnecessary.
4, In "MimeInlineText_open_dam", if there is nothing to detect, detectedCharset will be set to null.
Issue 1 caused the original crash, and issue 2 addressed naoki's concern. Issue 3 optimized the normal situation. Issue 4 is just a safeguard measure. Please code review.
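An added illustration in C (not code from the attached patches or from Mozilla) of the out-parameter failure described in the comments above and of two guards from the summary of changes: the detection routine writes its out-parameter on every path, and the caller skips empty or negative-length buffers such as the length=-933244208 seen in the backtrace. The names `detector_fn`, `detect_before`, `detect_after`, `pick_charset` and `bom_detector`, and the fallback to a default charset, are assumptions made for the example.

```c
#include <stddef.h>
#include <string.h>
/* Hypothetical detector hook; NULL models "no auto-detect module selected". */
typedef const char *(*detector_fn)(const char *buf, int len);

/* Before: with no detector the out-parameter is never written. */
static int detect_before(detector_fn det, const char *buf, int len, const char **out)
{
    if (!det)
        return -1;              /* *out keeps whatever the caller's variable held */
    *out = det(buf, len);
    return *out ? 0 : -1;
}

/* After: the out-parameter is defined on every path. */
static int detect_after(detector_fn det, const char *buf, int len, const char **out)
{
    *out = NULL;
    if (!det || !buf || len <= 0)
        return -1;
    *out = det(buf, len);
    return *out ? 0 : -1;
}

/* Caller: empty or negative-length input and failed detection use the fallback. */
static const char *pick_charset(detector_fn det, const char *buf, int len, const char *fallback)
{
    const char *detected = NULL;
    if (!buf || len <= 0 || detect_after(det, buf, len, &detected) != 0)
        return fallback;
    return detected;
}

/* Constructed detector for the demonstration: recognises a UTF-8 BOM only. */
static const char *bom_detector(const char *buf, int len)
{
    return (len >= 3 && memcmp(buf, "\xEF\xBB\xBF", 3) == 0) ? "UTF-8" : NULL;
}

/* Returns 1 when detect_before leaves the caller's pointer unchanged. */
static int before_leaves_stale(const char *stale)
{
    const char *cs = stale;     /* stands in for uninitialized stack data */
    (void)detect_before(NULL, "abc", 3, &cs);
    return cs == stale;
}

int main(void) { return !(before_leaves_stale("x") && pick_charset(bom_detector, "", 0, "x")); }
```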
With the new patch I don't assert, and can display my emails in my Inbox. Thanks Shanjian. Now we need to get this checked in ASAP; adding some possible reviewers of the latest patch.
Naoki, ducarroz, Could one of you do code review? thanks.
Comment on attachment 55277 (updated patch): R=ducarroz
Attachment #55277 - Flags: review+
Whiteboard: wait for sr
Comment on attachment 55336 (update as suggested by seth.): sr=sspitzer
Attachment #55336 - Flags: superreview+
fix checked in.
Status: ASSIGNED → RESOLVED
Closed: 23 years ago
Resolution: --- → FIXED
Verified that this bastard is now fixed on build 2001102706
Status: RESOLVED → VERIFIED
*** Bug 107458 has been marked as a duplicate of this bug. ***
Adding topcrash keyword and Trunk [@ nsUnicodeDecodeHelper::ConvertByFastTable] to summary for future reference.
Keywords: topcrash
Summary: Crash viewing some mails → Crash viewing some mails - Trunk [@ nsUnicodeDecodeHelper::ConvertByFastTable]
Whoops! Disregard my last post...I meant to update the summary with [@ MimeInlineText_open_dam].
Summary: Crash viewing some mails - Trunk [@ nsUnicodeDecodeHelper::ConvertByFastTable] → Crash viewing some mails - Trunk [@ MimeInlineText_open_dam]
*** Bug 107054 has been marked as a duplicate of this bug. ***
Doh! Bug 107458 was marked a dup of this one...putting [@ nsUnicodeDecodeHelper::ConvertByFastTable] back into summary. Sorry for the spam!
Summary: Crash viewing some mails - Trunk [@ MimeInlineText_open_dam] → Crash viewing some mails - Trunk [@ MimeInlineText_open_dam] [@ nsUnicodeDecodeHelper::ConvertByFastTable]
Something weird is going on. Mail is crashing when viewing mail. I only get
Program received signal SIGILL, Illegal instruction.
[Switching to Thread 1024 (LWP 2589)]
0x413cfb72 in NSGetModule () from /usr/local/mozilla/components/libmime.so
(gdb) bt
#0 0x413cfb72 in NSGetModule () from /usr/local/mozilla/components/libmime.so
Cannot access memory at address 0x0
In gdb
The MimeInlineText_open_dam part of this patch appears to be weirdly broken in several aspects. Please see bug 132163 for details.
Product: MailNews → Core
Product: Core → MailNews Core
Crash Signature: [@ MimeInlineText_open_dam] [@ nsUnicodeDecodeHelper::ConvertByFastTable]