SIGPIPE during write() from javascript

RESOLVED INVALID

Status

Thunderbird
Message Compose Window
--
critical
RESOLVED INVALID
a year ago
11 months ago

People

(Reporter: amatus, Unassigned)

Tracking

({crash})

45 Branch
crash

Firefox Tracking Flags

(Not tracked)

Details

(Reporter)

Description

a year ago
User Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Ubuntu Chromium/51.0.2704.79 Chrome/51.0.2704.79 Safari/537.36

Steps to reproduce:

I was composing an email with icedove version 1:45.1.0-1~deb8u1 on my amd64 Debian jessie box.
I had installed the -dbg package for symbols and had it running under gdb because it has been crashing recently, usually when just reading emails, this was the first time it crashed while composing.


Actual results:

Program received signal SIGPIPE, Broken pipe.
[Switching to Thread 0x7fff9c9fe700 (LWP 12265)]
0x00007ffff6ec9e6d in write () from /lib/x86_64-linux-gnu/libc.so.6
(gdb) bt
#0  0x00007ffff6ec9e6d in write () from /lib/x86_64-linux-gnu/libc.so.6
#1  0x00007fffefa90dc0 in ffi_call_unix64 ()
   from /usr/lib/x86_64-linux-gnu/libffi.so.6
#2  0x00007fffefa90828 in ffi_call ()
   from /usr/lib/x86_64-linux-gnu/libffi.so.6
#3  0x00007ffff24e4b68 in js::ctypes::FunctionType::Call (cx=0x7fffb925ec00, 
    argc=3126788096, vp=0x7fff9c9fb948)
    at /build/icedove-tNL3mB/icedove-45.1.0/mozilla/js/src/ctypes/CTypes.cpp:6663
#4  0x00007ffff28ae3e5 in CallJSNative (args=..., 
    native=0x7ffff24e44e0 <js::ctypes::FunctionType::Call(JSContext*, unsigned int, JS::Value*)>, cx=0x7fff9c9fb880)
    at /build/icedove-tNL3mB/icedove-45.1.0/mozilla/js/src/jscntxtinlines.h:235
#5  js::Invoke (cx=cx@entry=0x7fffb925ec00, args=..., 
    construct=construct@entry=js::NO_CONSTRUCT)
    at /build/icedove-tNL3mB/icedove-45.1.0/mozilla/js/src/vm/Interpreter.cpp:432
#6  0x00007ffff28aeaed in js::Invoke (cx=0x7fffb925ec00, thisv=..., fval=..., 
    argc=3, argv=<optimized out>, rval=...)
    at /build/icedove-tNL3mB/icedove-45.1.0/mozilla/js/src/vm/Interpreter.cpp:496
#7  0x00007ffff257bef6 in js::jit::DoCallFallback (cx=0x5b, 
    frame=0x7fffba5f0000, stub_=0xc, argc=4294967295, vp=0xf252151200000007, 
    res=...)
    at /build/icedove-tNL3mB/icedove-45.1.0/mozilla/js/src/jit/BaselineIC.cpp:6162
#8  0x00007fffdff55280 in ?? ()
#9  0x00007fff9c9fbd90 in ?? ()
#10 0x00007fff9c9fbd20 in ?? ()
#11 0xfff9000000000000 in ?? ()
#12 0x00007ffff4dca480 in js::jit::DoSpreadCallFallbackInfo ()
   from /usr/lib/icedove/libxul.so
#13 0x00007fffaf5346a0 in ?? ()
#14 0x00007fffdff56223 in ?? ()
#15 0x0000000000000b02 in ?? ()
#16 0x00007fff9c9fbe08 in ?? ()
#17 0x00007fffc487bb90 in ?? ()
#18 0x0000000000000003 in ?? ()
#19 0x00007fff9c9fbd68 in ?? ()
#20 0xfffc7fffaf515100 in ?? ()
#21 0xfffc7fffaf505780 in ?? ()
#22 0xfff880000000005b in ?? ()
#23 0xfffc7fffaf515280 in ?? ()
#24 0xfff880000000000c in ?? ()
#25 0x00007fff9c9fbe48 in ?? ()
#26 0x00007fffc487bb90 in ?? ()
#27 0x00007fffdff56cee in ?? ()
#28 0x0000000000001401 in ?? ()
#29 0xfff880000000000c in ?? ()
#30 0xfffc7fffaf515280 in ?? ()
#31 0xfff880000000005b in ?? ()
#32 0xfffc7fffaf505780 in ?? ()
#33 0xfffc7fffaf515100 in ?? ()
#34 0xfffa000000000010 in ?? ()
#35 0xfff880000000000c in ?? ()
#36 0xfffc7fffaf515280 in ?? ()
#37 0xfff8800000000000 in ?? ()
#38 0xfff880000000000c in ?? ()
#39 0xfff8800000000000 in ?? ()
#40 0xfff8800000000065 in ?? ()
#41 0x0000000000000000 in ?? ()
(gdb) 


Expected results:

Should not crash.
Message with an attachment, or without?
Crashed 45.0 also?
Severity: normal → critical
Component: Untriaged → Message Compose Window
Flags: needinfo?(amatus)
Keywords: crash
(Reporter)

Comment 2

a year ago
No attachment. I'll get back to you on 45.0.
(Reporter)

Comment 3

a year ago
I don't think I ever ran 45.0, the version before 1:45.1.0-1~deb8u1 was accepted into Debian stable-security on 2016-06-14 was 38.8.0-1~deb8u1, which I'm pretty sure didn't experience this crash. I'll look into building 45.0 to test, but it may take a while to determine if it has this bug or not since crashes have been rare.
(Reporter)

Comment 4

a year ago
Turns out gdb was catching SIGPIPE instead of sending it to the target which handles it fine. Sorry for the confusion.
Status: UNCONFIRMED → RESOLVED
Last Resolved: a year ago
Resolution: --- → INVALID

Updated

11 months ago
Flags: needinfo?(amatus)
You need to log in before you can comment on or make changes to this bug.