Closed
Bug 121935
Opened 23 years ago
Closed 21 years ago
Forwarding message crashes Mozilla
Categories
(MailNews Core :: Composition, defect)
Tracking
(Not tracked)
RESOLVED
WORKSFORME
People
(Reporter: bill.sheppard, Assigned: bugzilla)
Details
(Keywords: crash, stackwanted)
Attachments
(5 files)
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (Windows; U; Win98; en-US; rv:0.9.7) Gecko/20011221
BuildID: 2001122106
I received a message which had been repeatedly forwarded, apparently munging a
fair amount of the MIME encoding. I forwarded this message as an attachment to
another account and deleted the original. Now upon attempting to forward the
copy saved in my Sent mail folder (which should have the original message
encapsulated as an attachment) Mozilla crashes with an invalid page fault in
module MSVCRT.DLL at 0177:7800b9c8.
I've attached the stack trace and the problem message.
Reproducible: Always
Steps to Reproduce:
1. Select offending message in selection pane
2. Click on "Forward" toolbar button
Actual Results: Mozilla crashes
Expected Results: Composition window opens
|
Reporter | |
Comment 1•23 years ago
|
||
|
|
Reporter | |
Comment 2•23 years ago
|
||
|
||
Comment 3•23 years ago
|
||
Reporter:
Can you please use a talkback enabled build ?
After talkback submitted the crash run mozilla/components/talkback.exe manually
to get the Talkback ID# and add this TB ID# in this bug.
And can you right click on that message and save it as Mail File (*.eml) and
attach it here ?
Keywords: crash
|
||
Updated•23 years ago
|
QA Contact: nbaca → sheelar
|
||
Comment 4•23 years ago
|
||
reassign and change the component
Assignee: mscott → ducarroz
Component: Networking - SMTP → Composition
|
|
||
Comment 5•23 years ago
|
||
Reporter,
The build you are using is old. Can you try this on a newer build?
|
|
Reporter | |
Comment 6•23 years ago
|
||
OK, looks like this works fine on 2002020406 (0.98). Thanks!
Status: UNCONFIRMED → RESOLVED
Closed: 23 years ago
Resolution: --- → WORKSFORME
|
|
Reporter | |
Comment 7•23 years ago
|
||
Sorry, spoke too soon. Forwarding the original message (which is now in the
trash folder) works, but forwarding the copy I forwarded (from the sent folder)
crashes on build 2002020406. Talkback ID is #TB2546617Y, reported 2/5/02 at
12:55PM.
Status: RESOLVED → UNCONFIRMED
Resolution: WORKSFORME → ---
|
|
||
Updated•23 years ago
|
Keywords: stackwanted
Please try this with a trunk build
MSVCRT.DLL + 0xb9c8 (0x7800b9c8)
MSVCRT.DLL + 0xb30c (0x7800b30c)
PR_Free [../../../../pr/src/malloc/prmem.c, line 436]
mime_free_attachments
[d:\builds\seamonkey\mozilla\mailnews\mime\src\mimedrft.cpp, line 498]
mime_parse_stream_complete
[d:\builds\seamonkey\mozilla\mailnews\mime\src\mimedrft.cpp, line 1573]
Bill, I can't crash with build 2002-02-27-03 on Windows 2000 with your test
message (forwarding, replying). Is this fixed for you, too?
|
||
Comment 11•23 years ago
|
||
An eml file containing the message that caused a crash repeatedly.
|
|
||
Comment 12•23 years ago
|
||
Crash when forwarding message - repeatable for me.
Unhandled exception in mozilla.exe (MSGBSUTIL.DLL): 0xC0000005: Access Violation
Occurs repeatably when I select a particular message in my IMAP Inbox and
hit the Forward button. Crash occurrs as soon as Forward button released.
Only ever seen with one particular message.
Here is the mozilla build info:
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.0rc3)
Gecko/20020523
BuildID: 2002052306
OS is Win2K Server + SP2
Here is the stack trace:
MSGBSUTL! 60f34439()
MIME! 607395b7()
MIME! 60738ec6()
MIME! 60732ca9()
MSGIMAP! 6087db4d()
NECKO! 6096d927()
XPCOM! 6116d41f()
SETUPAPI! 778b0c24
Here is the register info:
EAX = 0012FA34 EBX = 00000000 ECX = 00000000 EDX = 80000000 ESI = 030548F0 EDI
= 00000000
EIP = 60F34439 ESP = 0012F82C EBP = 0012FA14 EFL = 00000206
MM0 = BAD088FC00000000 MM1 = BFE89B63000000E1 MM2 = BFEA2CE7BAD0877C MM3 =
BAD086B800000000
MM4 = 0000000000000000 MM5 = 0000000000000000 MM6 = 0000000000000000 MM7 =
FA00000000000000
XMM0 = 0012FDF00012FD40000000180000001B XMM1 = 7FFDE0000012FFB000000000BAD08DD8
XMM2 = BAD0891C81176554BAD086480012FDC8 XMM3 = 7FFDE6CC00000000804147538045FD60
XMM4 = 824E77DCA0000373BAD0892C00000000 XMM5 = 00000084000007AAA005408C00000001
XMM6 = 00525D700000000000000018A0380E68 XMM7 = 00000000006C01EA0000000000000084
CS = 001B DS = 0023 ES = 0023 SS = 0023 FS = 0038 GS = 0000 OV=0 UP=0 EI=1
PL=0 ZR=0 AC=0 PE=1 CY=0
XMM00 = +3.78351E-044 XMM01 = +3.36312E-044 XMM02 = +1.74389E-039 XMM03 =
+1.74413E-039
XMM10 = -1.59114E-003 XMM11 = +0.00000E+000 XMM12 = +1.74476E-039 XMM13 =
+1.#QNANE+000
XMM20 = +1.74408E-039 XMM21 = -1.59092E-003 XMM22 = -2.78070E-038 XMM23 = -
1.59100E-003
XMM30 = -6.42754E-039 XMM31 = -5.99489E-039 XMM32 = +0.00000E+000 XMM33 =
+1.#QNANE+000
XMM40 = +0.00000E+000 XMM41 = -1.59100E-003 XMM42 = -1.08432E-019 XMM43 = -
1.51689E-037
XMM50 = +1.40130E-045 XMM51 = -1.12869E-019 XMM52 = +2.74935E-042 XMM53 =
+1.84971E-043
XMM60 = -1.55902E-019 XMM61 = +3.36312E-044 XMM62 = +0.00000E+000 XMM63 =
+7.56403E-039
XMM70 = +1.84971E-043 XMM71 = +0.00000E+000 XMM72 = +9.91892E-039 XMM73 =
+0.00000E+000 MXCSR = 00001F80
ST0 = +2.11281009475938174e+0719 ST1 = +0.00000000000000000e+0000 ST2 = -
1.89865406387901985e+0176
ST3 = +5.87511559076009300e+3771 ST4 = +0.00000000000000000e+0000 ST5 =
+0.00000000000000000e+0000
ST6 = +0.00000000000000000e+0000 ST7 = +5.00000000000000000e+0002
CTRL = 027F STAT = 4020 TAGS = FFFF EIP = 78001E27
CS = 001B DS = 0023 EDO = 0012F434
|
|
||
Updated•23 years ago
|
QA Contact: sheelar → meehansqa
|
||
Comment 13•23 years ago
|
||
Reporter: I can't reproduce this with build 2002-06-03-08 using your test
message on Windows 2000. Can you test and see if this still happens for you?
|
|
Reporter | |
Comment 14•23 years ago
|
||
Works fine for me now.
Status: UNCONFIRMED → RESOLVED
Closed: 23 years ago → 23 years ago
Resolution: --- → WORKSFORME
|
|
Reporter | |
Comment 15•23 years ago
|
||
Oops - my message works OK, but others who have reported crashing messages
should probably test their's as well. Incidentally, this worksforme on 1.0RC3.
Status: RESOLVED → UNCONFIRMED
Resolution: WORKSFORME → ---
|
|
||
Comment 16•23 years ago
|
||
Terry, can you test this in your scenario?
|
|
||
Comment 17•23 years ago
|
||
Hit Forward button to forward a selected message. (RC3 on Win2K)
Read access violation.
Stack trace:
MSGBSUTL! 60f34439()
MIME! 607395b7()
MIME! 60738ec6()
MIME! 60732ca9()
MSGIMAP! 6087db4d()
NECKO! 6096d927()
XPCOM! 6116d41f()
SETUPAPI! 778b0c
Registers:
EAX = 0012FA34 EBX = 00000000 ECX = 00000000 EDX = 80000000 ESI = 044EB7E0 EDI =
00000000
EIP = 60F34439 ESP = 0012F82C EBP = 0012FA14 EFL = 00200206
MM0 = 00000001000000AF MM1 = BAF29614819034C8 MM2 = BAF2991C80469FD3 MM3 =
814C508CBAF29644
MM4 = 0000000000000000 MM5 = 0000000000000000 MM6 = 0000000000000000 MM7 =
FA00000000000000
XMM0 = 0012FDF00012FD40000000180000001B XMM1 = 7FFDE0000012FFB000000000BAF29DD8
XMM2 = BAF2991C814C5054BAF296480012FDC8 XMM3 = 7FFDE6CC00000000804147538045FD60
XMM4 = 8191AE3CA0000373BAF2992C00000000 XMM5 = 0000008400000358A005408C00000001
XMM6 = 0045A8E8819034C818F48FF5A038C770 XMM7 = 00000000005001940000000000000084
CS = 001B DS = 0023 ES = 0023 SS = 0023 FS = 0038 GS = 0000 OV=0 UP=0 EI=1 PL=0
ZR=0 AC=0 PE=1 CY=0
XMM00 = +3.78351E-044 XMM01 = +3.36312E-044 XMM02 = +1.74389E-039 XMM03 =
+1.74413E-039
XMM10 = -1.85102E-003 XMM11 = +0.00000E+000 XMM12 = +1.74476E-039 XMM13 =
+1.#QNANE+000
XMM20 = +1.74408E-039 XMM21 = -1.85079E-003 XMM22 = -3.75265E-038 XMM23 =
-1.85088E-003
XMM30 = -6.42754E-039 XMM31 = -5.99489E-039 XMM32 = +0.00000E+000 XMM33 =
+1.#QNANE+000
XMM40 = +0.00000E+000 XMM41 = -1.85088E-003 XMM42 = -1.08432E-019 XMM43 =
-5.35146E-038
XMM50 = +1.40130E-045 XMM51 = -1.12869E-019 XMM52 = +1.19951E-042 XMM53 =
+1.84971E-043
XMM60 = -1.56514E-019 XMM61 = +6.32179E-024 XMM62 = -5.29730E-038 XMM63 =
+6.39724E-039
XMM70 = +1.84971E-043 XMM71 = +0.00000E+000 XMM72 = +7.34741E-039 XMM73 =
+0.00000E+000 MXCSR = 00001F80
ST0 = +0.00000000000000000e+0000 ST1 = +0.00000000000000000e+0000 ST2 =
+0.00000000000000000e+0000
ST3 = +9.06221337680116653e+1242 ST4 = +0.00000000000000000e+0000 ST5 =
+0.00000000000000000e+0000
ST6 = +0.00000000000000000e+0000 ST7 = +5.00000000000000000e+0002
CTRL = 027F STAT = 4023 TAGS = FFFF EIP = 78001E27
CS = 001B DS = 0023 EDO = 0012F434
Memory:
60F34405 pop ebx
60F34406 leave
60F34407 ret
60F34408 push ebp
60F34409 mov ebp,esp
60F3440B sub esp,1DCh
60F34411 push ebx
60F34412 push esi
60F34413 mov esi,dword ptr [ebp+0Ch]
60F34416 xor ebx,ebx
60F34418 cmp esi,ebx
60F3441A push edi
60F3441B jne 60F34427
60F3441D mov eax,80004003h
60F34422 jmp 60F34603
60F34427 cmp byte ptr [esi],bl
60F34429 jne 60F34436
60F3442B mov ecx,dword ptr [ebp+10h]
60F3442E push ebx
60F3442F mov eax,dword ptr [ecx]
60F34431 call dword ptr [eax+24h]
60F34434 jmp 60F34475
60F34436 mov edi,dword ptr [ebp+8]
60F34439 cmp byte ptr [edi],bl
60F3443B je 60F3445F
60F3443D push edi
60F3443E push 60F48EF8h
60F34443 call 60F361A2
60F34448 pop ecx
60F34449 test eax,eax
60F3444B pop ecx
60F3444C je 60F3445F
60F3444E push edi
60F3444F push 60F48EECh
60F34454 call 60F361A2
60F34459 pop ecx
60F3445A test eax,eax
60F3445C pop ecx
60F3445D jne 60F3447C
60F3445F push esi
60F34460 call dword ptr ds:[60F3722Ch]
Current instruction pointer at 60F34439.
This is the second time I've seen this. It appears to be specific to
the message being forwarded. It is repeatable.
|
|
||
Comment 18•23 years ago
|
||
|
|
||
Comment 19•23 years ago
|
||
Just downloaded nightly build from 05Jun2002 and tested.
Both of my test cases still crash repeatably on this build.
Crash is at same address for both test cases.
Mozilla 1.0.0+
Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.0.0+) Gecko/20020605
The instruction at "0x61104276" referenced the memory at "0x00000000". The
memory could not be "read".
PC at 61104276 cmp byte ptr [edi],bl
Stack:
MSGBSUTL! 61104276()
MIME! 60cb9847()
MIME! 60cb9164()
MIME! 60cb2c5b()
MSGIMAP! 60d2d732()
NECKO! 602ed682()
XPCOM! 60ead5b0()
XPCOM! 60ea2f5a()
SETUPAPI! 778b0c24()
Registers:
EAX = 0012FA2C EBX = 00000000 ECX = 00000000 EDX = 80000000 ESI = 033C4FF8 EDI =
00000000
EIP = 61104276 ESP = 0012F824 EBP = 0012FA0C EFL = 00200206
MM0 = 80414C0B80415CF6 MM1 = 0000000000000000 MM2 = A0000B2FBB5F6614 MM3 =
0000000000000000
MM4 = 0000000000000000 MM5 = 0000000000000000 MM6 = 0000000000000000 MM7 =
FA00000000000000
XMM0 = 0012FDEC0012FD3C000000180000001B XMM1 = 7FFDE0000012FFB000000000BB5F6DD8
XMM2 = BB5F691C812EB3D4BB5F66480012FDC4 XMM3 = 7FFDE6CC00000000804147538045FD60
XMM4 = 8191AE3CA0000373BB5F692C00000000 XMM5 = 00000084000002EAA005408C00000001
XMM6 = 004EB550E58AEB04E58AEAFCA03EC2E8 XMM7 = 000000000037017E0000000000000084
CS = 001B DS = 0023 ES = 0023 SS = 0023 FS = 0038 GS = 0000 OV=0 UP=0 EI=1 PL=0
ZR=0 AC=0 PE=1 CY=0
XMM00 = +3.78351E-044 XMM01 = +3.36312E-044 XMM02 = +1.74388E-039 XMM03 =
+1.74413E-039
XMM10 = -3.40926E-003 XMM11 = +0.00000E+000 XMM12 = +1.74476E-039 XMM13 =
+1.#QNANE+000
XMM20 = +1.74407E-039 XMM21 = -3.40881E-003 XMM22 = -3.20878E-038 XMM23 =
-3.40897E-003
XMM30 = -6.42754E-039 XMM31 = -5.99489E-039 XMM32 = +0.00000E+000 XMM33 =
+1.#QNANE+000
XMM40 = +0.00000E+000 XMM41 = -3.40898E-003 XMM42 = -1.08432E-019 XMM43 =
-5.35146E-038
XMM50 = +1.40130E-045 XMM51 = -1.12869E-019 XMM52 = +1.04537E-042 XMM53 =
+1.84971E-043
XMM60 = -1.61581E-019 XMM61 = -8.20027E+022 XMM62 = -8.20027E+022 XMM63 =
+7.22821E-039
XMM70 = +1.84971E-043 XMM71 = +0.00000E+000 XMM72 = +5.05149E-039 XMM73 =
+0.00000E+000 MXCSR = 00001F80
ST0 = +0.00000000000000000e+0000 ST1 = +0.00000000000000000e+0000 ST2 =
+0.00000000000000000e+0000
ST3 = +0.00000000000000000e+0000 ST4 = +0.00000000000000000e+0000 ST5 =
+0.00000000000000000e+0000
ST6 = +0.00000000000000000e+0000 ST7 = +5.00000000000000000e+0002
CTRL = 027F STAT = 4020 TAGS = FFFF EIP = 78001E27
CS = 001B DS = 0023 EDO = 0012F428
Instruction context:
61104243 leave
61104244 ret
61104245 push ebp
61104246 mov ebp,esp
61104248 sub esp,1DCh
6110424E push ebx
6110424F push esi
61104250 mov esi,dword ptr [ebp+0Ch]
61104253 xor ebx,ebx
61104255 cmp esi,ebx
61104257 push edi
61104258 jne 61104264
6110425A mov eax,80004003h
6110425F jmp 61104440
61104264 cmp byte ptr [esi],bl
61104266 jne 61104273
61104268 mov ecx,dword ptr [ebp+10h]
6110426B push ebx
6110426C mov eax,dword ptr [ecx]
6110426E call dword ptr [eax+24h]
61104271 jmp 611042B2
61104273 mov edi,dword ptr [ebp+8]
61104276 cmp byte ptr [edi],bl
61104278 je 6110429C
6110427A push edi
6110427B push 61118F88h
61104280 call 611061BA
61104285 pop ecx
61104286 test eax,eax
61104288 pop ecx
61104289 je 6110429C
6110428B push edi
6110428C push 61118F7Ch
61104291 call 611061BA
61104296 pop ecx
61104297 test eax,eax
61104299 pop ecx
6110429A jne 611042B9
6110429C push esi
6110429D call dword ptr ds:[6110722Ch]
611042A3 test eax,eax
611042A5 pop ecx
611042A6 je 611042B9
611042A8 mov ecx,dword ptr [ebp+10h]
611042AB push esi
611042AC call dword ptr ds:[61107178h]
|
|
||
Updated•23 years ago
|
Status: UNCONFIRMED → NEW
Ever confirmed: true
|
Assignee | |
Comment 20•23 years ago
|
||
using yesterday nigtly build, I am not anle to reproduce the crash. Can somebody
give me the exact steps te recreate the problem. Also, let me know if you do a
forward inline or forward as attachment. Thanks
|
|
||
Comment 21•23 years ago
|
||
|
|
||
Comment 22•23 years ago
|
||
Using Mozilla 1.0 release, confirmed that on Win2k, the bug occurs
only when forwarding inline, not when forwarding attached.
I will attach a zip file containing 2 files. These files constitute
a "Local Folders" mailbox named "MozBugMessages". To test, you start
mail, create an empty Local Folder called MozBugMessages and then
exit Mozilla. Next, replace the files MozBugMessages and MozBugMessages.msf
in your Local Folders directory with the files from the zip
attached to this bug. Restart Mozilla. You should be able to
open the MozBugMessages folder in the Local Folders
account, select the one message, and then hit Forward. On my system, if
Forwarding is set to Inline, an access violation will occur. Always.
|
||
Comment 23•23 years ago
|
||
I am seeing a similar crash. However, the exact steps for my crash are a
little bit different:
To reproduce:
1. Click on any message in IMAP
2. View Message Source for message (Ctrl-U)
3. Close Message Source window
4. Quickly, hit forward toolbar button.
5. Result is a crash
Errors filed as Talkback # TB147185Y, TB146914H and #TB146873E, reported
6/8/2002.
|
|
||
Comment 24•23 years ago
|
||
BTW, that crash is on RC3
|
||
Comment 25•21 years ago
|
||
unable to reproduce with attached message. tested windows Mozilla 1.7 beta.
Status: NEW → RESOLVED
Closed: 23 years ago → 21 years ago
Resolution: --- → WORKSFORME
|
||
Updated•20 years ago
|
Product: MailNews → Core
|
||
Updated•17 years ago
|
Product: Core → MailNews Core
You need to log in
before you can comment on or make changes to this bug.
Description
•