Closed Bug 1184573 Opened 9 years ago Closed 9 years ago

Thunderbird crashes while processing header "\"=?windows-1251?B?wtLBIDI0ICjPwM4p====?=\"<client@crm.vtb24.ru>"

Categories

(MailNews Core :: MIME, defect)

x86_64
Linux
defect
Not set
critical

Tracking

(Not tracked)

RESOLVED WORKSFORME

People

(Reporter: gem, Unassigned)

Details

(Keywords: crash)

User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:39.0) Gecko/20100101 Firefox/39.0
Build ID: 20150714175040

Steps to reproduce:

I receive a message and Thunderbird crashes.


Actual results:

JavaScript error: resource:///modules/jsmime.jsm -> resource:///modules/jsmime/jsmime.js, line 70: Error: Failed to decode base64 string!
JavaScript error: resource:///modules/jsmime.jsm -> resource:///modules/jsmime/jsmime.js, line 70: Error: Failed to decode base64 string!

Program received signal SIGSEGV, Segmentation fault.
0x00007ffff1dd7c55 in memcpy (__len=262136, __src=0x0, __dest=0x7fffc69b6008) at /usr/include/bits/string3.h:51
51	  return __builtin___memcpy_chk (__dest, __src, __len, __bos0 (__dest));
(gdb) bt
#0  0x00007ffff1dd7c55 in memcpy (__len=262136, __src=0x0, __dest=0x7fffc69b6008) at /usr/include/bits/string3.h:51
#1  implementation<nsISupports*, nsISupports*, unsigned long, unsigned long> (aValues=0x0, aCount=32767, aStart=0, 
    aElements=0x7fffc69b6008) at /var/tmp/portage/mail-client/thunderbird-38.0.1-r1/work/comm-esr38/mozilla/xpcom/glue/nsTArray.h:526
#2  AssignRange<nsISupports*> (aValues=0x0, aCount=32767, aStart=0, this=0x7fffffffa568)
    at /var/tmp/portage/mail-client/thunderbird-38.0.1-r1/work/comm-esr38/mozilla/xpcom/glue/nsTArray.h:1738
#3  nsTArray_Impl<nsISupports*, nsTArrayInfallibleAllocator>::AppendElements<nsISupports*> (this=this@entry=0x7fffffffa568, 
    aArray=aArray@entry=0x0, aArrayLen=aArrayLen@entry=32767)
    at /var/tmp/portage/mail-client/thunderbird-38.0.1-r1/work/comm-esr38/mozilla/xpcom/glue/nsTArray.h:1337
#4  0x00007ffff1dd7236 in nsCOMArray_base::Adopt (this=0x7fffffffa568, aElements=0x0, aSize=32767)
    at /var/tmp/portage/mail-client/thunderbird-38.0.1-r1/work/comm-esr38/mozilla/xpcom/glue/nsCOMArray.cpp:316
#5  0x00007ffff1d23c81 in Adopt (aSize=<optimized out>, aElements=<optimized out>, this=0x7fffffffa568)
    at ../../../dist/include/nsCOMArray.h:434
#6  mozilla::mailnews::EncodedHeader (aHeader=..., aCharset=0x7fffc5cbcca8 "ISO-8859-1")
    at /var/tmp/portage/mail-client/thunderbird-38.0.1-r1/work/comm-esr38/mailnews/mime/src/MimeHeaderParser.cpp:95
#7  0x00007ffff1bc99c2 in nsMsgDBView::FetchAuthor (this=this@entry=0x7fffcb3e9f00, aHdr=0x7fffc3d2cf00, aSenderString=...)
    at /var/tmp/portage/mail-client/thunderbird-38.0.1-r1/work/comm-esr38/mailnews/base/src/nsMsgDBView.cpp:406
#8  0x00007ffff1bd3695 in nsMsgDBView::CellTextForColumn (this=this@entry=0x7fffcb3e9f00, aRow=aRow@entry=867, 
    aColumnName=aColumnName@entry=0x7fffd7ae69a8 u"senderCol", aValue=...)
    at /var/tmp/portage/mail-client/thunderbird-38.0.1-r1/work/comm-esr38/mailnews/base/src/nsMsgDBView.cpp:1948
#9  0x00007ffff1be35a1 in nsMsgGroupView::CellTextForColumn (this=0x7fffcb3e9f00, aRow=867, aColumnName=0x7fffd7ae69a8 u"senderCol", 
    aValue=...) at /var/tmp/portage/mail-client/thunderbird-38.0.1-r1/work/comm-esr38/mailnews/base/src/nsMsgGroupView.cpp:882
#10 0x00007ffff1bc914f in nsMsgDBView::GetCellText (this=0x7fffcb3e9f00, aRow=867, aCol=0x7fffca891050, aValue=...)
    at /var/tmp/portage/mail-client/thunderbird-38.0.1-r1/work/comm-esr38/mailnews/base/src/nsMsgDBView.cpp:1924
#11 0x00007ffff301306d in nsTreeBodyFrame::PaintText (this=this@entry=0x7fffc66fc248, aRowIndex=aRowIndex@entry=867, 
    aColumn=aColumn@entry=0x7fffca891050, aTextRect=..., aPresContext=aPresContext@entry=0x7fffd806c700, aRenderingContext=..., 
    aDirtyRect=..., aCurrX=@0x7fffffffab7c: 62136)
    at /var/tmp/portage/mail-client/thunderbird-38.0.1-r1/work/comm-esr38/mozilla/layout/xul/tree/nsTreeBodyFrame.cpp:3602
#12 0x00007ffff3017598 in nsTreeBodyFrame::PaintCell (this=this@entry=0x7fffc66fc248, aRowIndex=aRowIndex@entry=867, 
    aColumn=aColumn@entry=0x7fffca891050, aCellRect=..., aPresContext=aPresContext@entry=0x7fffd806c700, aRenderingContext=..., 
    aDirtyRect=..., aCurrX=@0x7fffffffad6c: 61896, aPt=...)
    at /var/tmp/portage/mail-client/thunderbird-38.0.1-r1/work/comm-esr38/mozilla/layout/xul/tree/nsTreeBodyFrame.cpp:3333
#13 0x00007ffff3017f20 in nsTreeBodyFrame::PaintRow (this=this@entry=0x7fffc66fc248, aRowIndex=aRowIndex@entry=867, aRowRect=..., 
    aPresContext=aPresContext@entry=0x7fffd806c700, aRenderingContext=..., aDirtyRect=..., aPt=...)
    at /var/tmp/portage/mail-client/thunderbird-38.0.1-r1/work/comm-esr38/mozilla/layout/xul/tree/nsTreeBodyFrame.cpp:3089
#14 0x00007ffff30182ba in nsTreeBodyFrame::PaintTreeBody (this=0x7fffc66fc248, aRenderingContext=..., aDirtyRect=..., aPt=...)
    at /var/tmp/portage/mail-client/thunderbird-38.0.1-r1/work/comm-esr38/mozilla/layout/xul/tree/nsTreeBodyFrame.cpp:2887
#15 0x00007ffff301ace3 in nsDisplayTreeBody::Paint (this=0x7fffc789bdf0, aBuilder=<optimized out>, aCtx=0x7fffffffb1f0)
    at /var/tmp/portage/mail-client/thunderbird-38.0.1-r1/work/comm-esr38/mozilla/layout/xul/tree/nsTreeBodyFrame.cpp:2795
#16 0x00007ffff2ebe132 in mozilla::FrameLayerBuilder::PaintItems (this=this@entry=0x7fffc5f4d420, aItems=..., aRect=..., 
    aContext=aContext@entry=0x7fffc41a4d80, aRC=aRC@entry=0x7fffffffb1f0, aBuilder=aBuilder@entry=0x7fffffffb990, 
    aPresContext=aPresContext@entry=0x7fffd806c700, aOffset=..., aXScale=aXScale@entry=1, aYScale=aYScale@entry=1, 
    aCommonClipCount=aCommonClipCount@entry=0)
    at /var/tmp/portage/mail-client/thunderbird-38.0.1-r1/work/comm-esr38/mozilla/layout/base/FrameLayerBuilder.cpp:4386
---Type <return> to continue, or q <return> to quit---
#17 0x00007ffff2ec0d5c in mozilla::FrameLayerBuilder::DrawPaintedLayer (aLayer=0x7fffc6efbe80, aContext=0x7fffc41a4d80, 
    aRegionToDraw=..., aClip=<optimized out>, aRegionToInvalidate=..., aCallbackData=0x7fffffffb990)
    at /var/tmp/portage/mail-client/thunderbird-38.0.1-r1/work/comm-esr38/mozilla/layout/base/FrameLayerBuilder.cpp:4586
#18 0x00007ffff234ed2e in mozilla::layers::BasicPaintedLayer::PaintBuffer (this=0x7fffc6efbe80, aContext=<optimized out>, 
    aRegionToDraw=..., aExtendedRegionToDraw=..., aRegionToInvalidate=..., aDidSelfCopy=<optimized out>, aClip=mozilla::layers::DRAW, 
    aCallback=0x7ffff2ec0876 <mozilla::FrameLayerBuilder::DrawPaintedLayer(mozilla::layers::PaintedLayer*, gfxContext*, nsIntRegion const&, mozilla::layers::DrawRegionClip, nsIntRegion const&, void*)>, aCallbackData=0x7fffffffb990)
    at /var/tmp/portage/mail-client/thunderbird-38.0.1-r1/work/comm-esr38/mozilla/gfx/layers/basic/BasicPaintedLayer.h:116
#19 0x00007ffff234abe0 in mozilla::layers::BasicPaintedLayer::Validate (this=0x7fffc6efbe80, 
    aCallback=0x7ffff2ec0876 <mozilla::FrameLayerBuilder::DrawPaintedLayer(mozilla::layers::PaintedLayer*, gfxContext*, nsIntRegion const&, mozilla::layers::DrawRegionClip, nsIntRegion const&, void*)>, aCallbackData=0x7fffffffb990, aReadback=<optimized out>)
    at /var/tmp/portage/mail-client/thunderbird-38.0.1-r1/work/comm-esr38/mozilla/gfx/layers/basic/BasicPaintedLayer.cpp:188
#20 0x00007ffff2346da6 in mozilla::layers::BasicContainerLayer::Validate (this=<optimized out>, 
    aCallback=0x7ffff2ec0876 <mozilla::FrameLayerBuilder::DrawPaintedLayer(mozilla::layers::PaintedLayer*, gfxContext*, nsIntRegion const&, mozilla::layers::DrawRegionClip, nsIntRegion const&, void*)>, aCallbackData=0x7fffffffb990, aReadback=<optimized out>)
    at /var/tmp/portage/mail-client/thunderbird-38.0.1-r1/work/comm-esr38/mozilla/gfx/layers/basic/BasicContainerLayer.cpp:128
#21 0x00007ffff234e257 in mozilla::layers::BasicLayerManager::EndTransactionInternal (this=0x7fffcd019c00, 
    aCallback=0x7ffff2ec0876 <mozilla::FrameLayerBuilder::DrawPaintedLayer(mozilla::layers::PaintedLayer*, gfxContext*, nsIntRegion const&, mozilla::layers::DrawRegionClip, nsIntRegion const&, void*)>, aCallbackData=0x7fffffffb990, 
    aFlags=mozilla::layers::LayerManager::END_NO_COMPOSITE)
    at /var/tmp/portage/mail-client/thunderbird-38.0.1-r1/work/comm-esr38/mozilla/gfx/layers/basic/BasicLayerManager.cpp:508
#22 0x00007ffff2efaf57 in nsDisplayList::PaintRoot (this=this@entry=0x7fffffffb8e8, aBuilder=aBuilder@entry=0x7fffffffb990, 
    aCtx=aCtx@entry=0x0, aFlags=aFlags@entry=13)
    at /var/tmp/portage/mail-client/thunderbird-38.0.1-r1/work/comm-esr38/mozilla/layout/base/nsDisplayList.cpp:1736
#23 0x00007ffff2f0cd46 in nsLayoutUtils::PaintFrame (aRenderingContext=aRenderingContext@entry=0x0, aFrame=aFrame@entry=
    0x7fffd7a704e8, aDirtyRegion=..., aBackstop=aBackstop@entry=4294967295, aFlags=<optimized out>)
    at /var/tmp/portage/mail-client/thunderbird-38.0.1-r1/work/comm-esr38/mozilla/layout/base/nsLayoutUtils.cpp:3199
#24 0x00007ffff2f1d2f7 in PresShell::Paint (this=0x7fffd7abb900, aViewToPaint=aViewToPaint@entry=0x7fffd825ffa0, aDirtyRegion=..., 
    aFlags=aFlags@entry=1)
    at /var/tmp/portage/mail-client/thunderbird-38.0.1-r1/work/comm-esr38/mozilla/layout/base/nsPresShell.cpp:6359
#25 0x00007ffff2d77bbd in nsViewManager::ProcessPendingUpdatesPaint (this=0x7fffd7ac4980, aWidget=aWidget@entry=0x7fffda3d4e40)
    at /var/tmp/portage/mail-client/thunderbird-38.0.1-r1/work/comm-esr38/mozilla/view/nsViewManager.cpp:443
#26 0x00007ffff2d77cd8 in nsViewManager::ProcessPendingUpdatesForView (this=<optimized out>, aView=<optimized out>, 
    aFlushDirtyRegion=aFlushDirtyRegion@entry=true)
    at /var/tmp/portage/mail-client/thunderbird-38.0.1-r1/work/comm-esr38/mozilla/view/nsViewManager.cpp:384
#27 0x00007ffff2d77d49 in nsViewManager::ProcessPendingUpdates (this=this@entry=0x7fffd7ac4980)
    at /var/tmp/portage/mail-client/thunderbird-38.0.1-r1/work/comm-esr38/mozilla/view/nsViewManager.cpp:1074
#28 0x00007ffff2ea8bed in nsRefreshDriver::Tick (this=0x7fffd7abb600, aNowEpoch=aNowEpoch@entry=1437052207257928, aNowTime=...)
    at /var/tmp/portage/mail-client/thunderbird-38.0.1-r1/work/comm-esr38/mozilla/layout/base/nsRefreshDriver.cpp:1712
#29 0x00007ffff2eaa070 in mozilla::RefreshDriverTimer::TickDriver (driver=<optimized out>, jsnow=jsnow@entry=1437052207257928, 
    now=..., now@entry=...)
    at /var/tmp/portage/mail-client/thunderbird-38.0.1-r1/work/comm-esr38/mozilla/layout/base/nsRefreshDriver.cpp:198
#30 0x00007ffff2eaa106 in mozilla::RefreshDriverTimer::Tick (this=this@entry=0x7fffda3cce00, jsnow=jsnow@entry=1437052207257928, 
---Type <return> to continue, or q <return> to quit---
    now=...) at /var/tmp/portage/mail-client/thunderbird-38.0.1-r1/work/comm-esr38/mozilla/layout/base/nsRefreshDriver.cpp:189
#31 0x00007ffff2eaa178 in Tick (this=0x7fffda3cce00)
    at /var/tmp/portage/mail-client/thunderbird-38.0.1-r1/work/comm-esr38/mozilla/layout/base/nsRefreshDriver.cpp:166
#32 mozilla::RefreshDriverTimer::TimerTick (aTimer=<optimized out>, aClosure=0x7fffda3cce00)
    at /var/tmp/portage/mail-client/thunderbird-38.0.1-r1/work/comm-esr38/mozilla/layout/base/nsRefreshDriver.cpp:212
#33 0x00007ffff1dc8703 in nsTimerImpl::Fire (this=0x7fffda366500)
    at /var/tmp/portage/mail-client/thunderbird-38.0.1-r1/work/comm-esr38/mozilla/xpcom/threads/nsTimerImpl.cpp:631
#34 0x00007ffff1dc89ea in nsTimerEvent::Run (this=0x7fffd83fa0e8)
    at /var/tmp/portage/mail-client/thunderbird-38.0.1-r1/work/comm-esr38/mozilla/xpcom/threads/nsTimerImpl.cpp:724
#35 0x00007ffff1dc623a in nsThread::ProcessNextEvent (this=0x7ffff6cc70c0, aMayWait=<optimized out>, aResult=0x7fffffffc58f)
    at /var/tmp/portage/mail-client/thunderbird-38.0.1-r1/work/comm-esr38/mozilla/xpcom/threads/nsThread.cpp:855
#36 0x00007ffff1ddb099 in NS_ProcessNextEvent (aThread=<optimized out>, aMayWait=<optimized out>)
    at /var/tmp/portage/mail-client/thunderbird-38.0.1-r1/work/comm-esr38/mozilla/xpcom/glue/nsThreadUtils.cpp:265
#37 0x00007ffff1f9499e in mozilla::ipc::MessagePump::Run (this=0x7ffff6ca3b00, aDelegate=0x7ffff6c46fc0)
    at /var/tmp/portage/mail-client/thunderbird-38.0.1-r1/work/comm-esr38/mozilla/ipc/glue/MessagePump.cpp:99
#38 0x00007ffff1f80681 in RunHandler (this=0x7ffff6c46fc0)
    at /var/tmp/portage/mail-client/thunderbird-38.0.1-r1/work/comm-esr38/mozilla/ipc/chromium/src/base/message_loop.cc:226
#39 MessageLoop::Run (this=0x7ffff6c46fc0)
    at /var/tmp/portage/mail-client/thunderbird-38.0.1-r1/work/comm-esr38/mozilla/ipc/chromium/src/base/message_loop.cc:200
#40 0x00007ffff2d7b979 in nsBaseAppShell::Run (this=0x7ffff6c3b810)
    at /var/tmp/portage/mail-client/thunderbird-38.0.1-r1/work/comm-esr38/mozilla/widget/nsBaseAppShell.cpp:164
#41 0x00007ffff327d4c9 in nsAppStartup::Run (this=0x7fffe19e3050)
    at /var/tmp/portage/mail-client/thunderbird-38.0.1-r1/work/comm-esr38/mozilla/toolkit/components/startup/nsAppStartup.cpp:281
#42 0x00007ffff32ad817 in XREMain::XRE_mainRun (this=this@entry=0x7fffffffc7f0)
    at /var/tmp/portage/mail-client/thunderbird-38.0.1-r1/work/comm-esr38/mozilla/toolkit/xre/nsAppRunner.cpp:4228
#43 0x00007ffff32adaf3 in XREMain::XRE_main (this=this@entry=0x7fffffffc7f0, argc=argc@entry=1, argv=argv@entry=0x7fffffffdcc8, 
    aAppData=aAppData@entry=0x7fffffffc9d8)
    at /var/tmp/portage/mail-client/thunderbird-38.0.1-r1/work/comm-esr38/mozilla/toolkit/xre/nsAppRunner.cpp:4308
#44 0x00007ffff32add5b in XRE_main (argc=1, argv=0x7fffffffdcc8, aAppData=0x7fffffffc9d8, aFlags=<optimized out>)
    at /var/tmp/portage/mail-client/thunderbird-38.0.1-r1/work/comm-esr38/mozilla/toolkit/xre/nsAppRunner.cpp:4527
#45 0x0000000000405802 in do_main (argc=argc@entry=1, argv=argv@entry=0x7fffffffdcc8, xreDirectory=0x7ffff6c17e00)
    at /var/tmp/portage/mail-client/thunderbird-38.0.1-r1/work/comm-esr38/mail/app/nsMailApp.cpp:195
#46 0x00000000004051cc in main (argc=1, argv=0x7fffffffdcc8)
    at /var/tmp/portage/mail-client/thunderbird-38.0.1-r1/work/comm-esr38/mail/app/nsMailApp.cpp:380
(gdb) 
(gdb) fr 6
#6  mozilla::mailnews::EncodedHeader (aHeader=..., aCharset=0x7fffc5cbcca8 "ISO-8859-1")
    at /var/tmp/portage/mail-client/thunderbird-38.0.1-r1/work/comm-esr38/mailnews/mime/src/MimeHeaderParser.cpp:95
95	/var/tmp/portage/mail-client/thunderbird-38.0.1-r1/work/comm-esr38/mailnews/mime/src/MimeHeaderParser.cpp: No such file or directory.
(gdb) p aHeader
$1 = (const nsACString_internal &) @0x7fffffffa580: {
  mData = 0x7fffc3c57740 "\"=?windows-1251?B?wtLBIDI0ICjPwM4p====?=\"<client@crm.vtb24.ru>", mLength = 62, mFlags = 9}
(gdb)
Are you on Thunderbird 38.0.1 or 38.1.0?
OS: Unspecified → Linux
Hardware: Unspecified → x86_64
I am using Gentoo and the Thunderbird version is 38.0.1-r1.
Severity: normal → critical
Component: Untriaged → MIME
Keywords: crash
Product: Thunderbird → MailNews Core
This bug was already fixed in 38.1.0

Thanks!
Status: UNCONFIRMED → RESOLVED
Closed: 9 years ago
Resolution: --- → WORKSFORME
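
The header in this report carries an RFC 2047 B-encoded word whose base64 payload ends in four `=` characters, and the jsmime error in the report is a base64 decode failure. As an added example (not Thunderbird's or jsmime's code; the function names are hypothetical and the well-formed sample is constructed), a strict checker that flags such encoded-words and decodes fail-safe so a caller can fall back to the raw header text:

```javascript
// Added example: strict RFC 2047 encoded-word audit (helper names are hypothetical).
const ENCODED_WORD = /=\?([^?\s]+)\?([bBqQ])\?([^?\s]*)\?=/g;
// Canonical base64: full 4-character groups, then at most one padded group.
const STRICT_B64 = /^(?:[A-Za-z0-9+/]{4})*(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=)?$/;
// Q encoding: printable ASCII where every "=" starts a two-digit hex escape.
const STRICT_Q = /^(?:[!-<>-~]|=[0-9A-Fa-f]{2})*$/;

// Returns null for a well-formed payload, otherwise a reason string.
function checkPayload(encoding, payload) {
  if (encoding.toUpperCase() === "B") {
    if (STRICT_B64.test(payload)) return null;
    const pad = (payload.match(/=+$/) || [""])[0].length;
    if (pad > 2) return `base64 has ${pad} padding characters (maximum is 2)`;
    if (payload.length % 4 !== 0) return "base64 length is not a multiple of 4";
    return "base64 has characters outside the alphabet or misplaced padding";
  }
  return STRICT_Q.test(payload) ? null : "Q payload has an invalid escape or character";
}

// One finding per encoded-word found in the header value.
function auditHeader(value) {
  const findings = [];
  for (const [word, charset, encoding, payload] of value.matchAll(ENCODED_WORD)) {
    findings.push({ word, charset, encoding, payload,
                    error: checkPayload(encoding, payload) });
  }
  return findings;
}

// Fail-safe decode: a malformed word yields null instead of throwing, so the
// caller never continues with half-initialised results.
function decodeBytesOrNull(finding) {
  if (finding.error || finding.encoding.toUpperCase() !== "B") return null;
  return Buffer.from(finding.payload, "base64");
}

// Header value exactly as printed by gdb in the report.
const REPORTED = '"=?windows-1251?B?wtLBIDI0ICjPwM4p====?="<client@crm.vtb24.ru>';
// Constructed counterpart with the excess padding removed.
const WELL_FORMED = '"=?windows-1251?B?wtLBIDI0ICjPwM4p?="<client@crm.vtb24.ru>';

for (const header of [REPORTED, WELL_FORMED]) {
  for (const f of auditHeader(header)) console.log(f.word, "->", f.error || "ok");
}
```
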