Closed
Bug 1163132
Opened 9 years ago
Closed 8 years ago
crash in nsMsgFilterAfterTheFact::ContinueExecutionPrompt()
Categories
(Thunderbird :: Filters, defect)
Tracking
(thunderbird38 fixed, thunderbird39 fixed, thunderbird40 fixed, thunderbird41 fixed)
RESOLVED
FIXED
Thunderbird 41.0
People
(Reporter: rkent, Assigned: rkent)
References
Details
(Keywords: crash, regression, topcrash-thunderbird, Whiteboard: [regression:TB37])
Crash Data
Attachments
(1 file)
2.11 KB,
patch
|
neil
:
review+
rkent
:
approval-comm-aurora+
rkent
:
approval-comm-beta+
|
Details | Diff | Splinter Review |
This bug was filed from the Socorro interface and is report bp-be07b0a6-87c6-44dd-9e9a-e467b2150502. =============================================================
Assignee | ||
Comment 1•9 years ago
|
||
Somehow the filter executor is getting destroyed prematurely. The stacks seem messed up after a certain point. This patch is really a simple, no-risk experiment. I don't have better ideas. Still a top crasher.
Comment 2•9 years ago
|
||
Comment on attachment 8603533 [details] [diff] [review] Hold onto reference in parent to ApplyFilters Given line 336 I can't see how this makes any difference, but you're welcome to try.
Attachment #8603533 -
Flags: review?(neil) → review+
Comment 3•9 years ago
|
||
indeed #3 crash for 38.0b4. And, I do not see any crashes before version 37 beta. The majority of crashes may be the person with this crash bp-bb602fbe-ee18-4ab3-ac72-340672150330. He has many lterAfterTheFact::ApplyFilter(bool*) / bug 797710 crashes such as bp-b623460d-8c6f-4148-bf80-acd702150224. I'll check to see if he is using maildir.
Keywords: regression,
topcrash-thunderbird
See Also: → 797710
Comment 4•9 years ago
|
||
First 37.0a1 is 29-Nov-2014. So the regression could be one of these 831c95685e21 2015-03-25 15:23 -0700 ISHIKAWA, Chiaki - Bug 1146100: save a to-be-freed value for later use, r=rkent b50441dcdf0d 2015-02-23 01:49 +0100 ISHIKAWA, Chiaki - Bug 854172 - Add a missing check of the return value of MoveIncorporatedMessage, and the failure to log such failure. r=rkent IGNORE IDL 5967bba9d130 2015-01-01 10:25 -0800 R Kent James - Bug 1116561 - filter after the fact should return an error if any filter failed, r=neil, a=rkent 79d319474891 2014-12-30 21:53 +0000 Neil Rashbrook - Bug 11039 Filter sent messages r=rkent a=starred CLOSED TREE 7bc453bb4cdd 2014-12-20 08:48 -0800 R Kent James - Bug 695671 - Only 1 message filter seems to execute when I hit "Run Filters on Folder", r=neil, a=rkent
Comment 5•9 years ago
|
||
Does this happen only under Windows?
Comment 6•9 years ago
|
||
(In reply to ISHIKAWA, Chiaki from comment #5) > Does this happen only under Windows? so far, yes only windows. But the crash count to date is much, much too low to say that other OS are not impacted. N.B. bug 797710 is all OS. What are you thinking?
Comment 7•9 years ago
|
||
(In reply to Wayne Mery (:wsmwk, use Needinfo for questions) from comment #6) > (In reply to ISHIKAWA, Chiaki from comment #5) > > Does this happen only under Windows? > > so far, yes only windows. But the crash count to date is much, much too low > to say that other OS are not impacted. N.B. bug 797710 is all OS. > > What are you thinking? Maybe a low-level machine-dependent library may have some funny interactions, etc. But I am sort of a fishing trip on this one. I have no clear idea. At least, from the static reading of the code for linux part, it is hard to see where the double-free, etc. can happen. I will keep an eye on this while I work on the POP3/IMAP code, though. TIA
Assignee | ||
Comment 8•9 years ago
|
||
http://hg.mozilla.org/comm-central/rev/2e392e51238e (keep open, this is an experiment)
Target Milestone: --- → Thunderbird 41.0
Assignee | ||
Updated•9 years ago
|
Attachment #8603533 -
Flags: approval-comm-beta?
Attachment #8603533 -
Flags: approval-comm-aurora?
Assignee | ||
Comment 9•9 years ago
|
||
Comment on attachment 8603533 [details] [diff] [review] Hold onto reference in parent to ApplyFilters http://hg.mozilla.org/releases/comm-aurora/rev/c66ae8a4029e
Attachment #8603533 -
Flags: approval-comm-aurora? → approval-comm-aurora+
Assignee | ||
Updated•9 years ago
|
status-thunderbird38:
--- → affected
status-thunderbird39:
--- → affected
status-thunderbird40:
--- → fixed
status-thunderbird41:
--- → fixed
Assignee | ||
Comment 10•9 years ago
|
||
Comment on attachment 8603533 [details] [diff] [review] Hold onto reference in parent to ApplyFilters TB 38: http://hg.mozilla.org/releases/comm-beta/rev/ce7bee323287 TB 39: http://hg.mozilla.org/releases/comm-beta/rev/127e1f37bc11
Attachment #8603533 -
Flags: approval-comm-beta? → approval-comm-beta+
Assignee | ||
Updated•9 years ago
|
Assignee | ||
Updated•9 years ago
|
Keywords: leave-open
Comment 11•9 years ago
|
||
bug 1186392 has an example crash of version 38. If you think it is the same issue I'll dupe it to this bug
Flags: needinfo?(rkent)
Assignee | ||
Comment 12•9 years ago
|
||
Yes the crash in bug 1186392 has the same pattern as this, namely that the main object is being deleted from some unknown source. Si I would say that we failed to fix this bug, and re-opening and duping might be the best path.
Flags: needinfo?(rkent)
Updated•9 years ago
|
Crash Signature: [@ nsMsgFilterAfterTheFact::ContinueExecutionPrompt()] → [@ nsMsgFilterAfterTheFact::ContinueExecutionPrompt()]
[@ nsMsgFilterAfterTheFact::ContinueExecutionPrompt]
Comment 14•8 years ago
|
||
The signature is gone in version 38.3.0 [1], so I believe this and bug 1153820 are pretty much fixed by bug 797710. (and perhaps the patch here helped?) Although a topcrash for trunk and 37beta, this never evolved into a topcrash for version 38 - far from it, only a few crashes per week for 38.1.0, and 38.2.0. (Only one filter crash in top 300 for 38.3.0. Rank #300 @ nsMsgFilterAfterTheFact::ApplyFilter, only 24 crashes in one week, bug 537017) [1] https://crash-stats.mozilla.com/search/?signature=~nsMsgFilterAfterTheFact%3A%3AContinueExecutionPrompt&product=Thunderbird&_facets=signature&_columns=date&_columns=signature&_columns=product&_columns=version&_columns=build_id&_columns=platform#crash-reports
Status: ASSIGNED → RESOLVED
Closed: 8 years ago
Resolution: --- → FIXED
Whiteboard: [regression:TB37]
Comment 15•6 years ago
|
||
Removing leave-open keyword from resolved bugs, per :sylvestre.
Keywords: leave-open
You need to log in
before you can comment on or make changes to this bug.
Description
•