Closed Bug 1322223 Opened 8 years ago Closed 8 years ago

Sending email in Earlybird 52 crashes when anchor with non-standard protocol is contained in the message, for example <a href="skype: ...">

Categories

(MailNews Core :: Composition, defect)

Product:
MailNews Core
Component:
Composition
Platform:
x86_64
Linux
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

(thunderbird52 fixed, thunderbird53 fixed)

Status:
VERIFIED FIXED
Milestone:
Thunderbird 53.0
Tracking Flags:
Tracking Status
thunderbird52 --- fixed
thunderbird53 --- fixed

People

(Reporter: Kostic, Assigned: jorgk-bmo)

References

Details

(Keywords: crash, regression, topcrash-thunderbird, Whiteboard: [regression:TB52])

Crash Data

Attachments

(1 file, 3 obsolete files)

1322223-crash-with-fancy-sig.patch (v2)
2.82 KB, patch
jorgk-bmo
: review+
jorgk-bmo
: approval-comm-aurora+
Details | Diff | Splinter Review 
User Agent: Mozilla/5.0 (X11; Fedora; Linux x86_64; rv:50.0) Gecko/20100101 Firefox/50.0
Build ID: 20161130084405

Steps to reproduce:

Wrote a new email and clicked the "Send" button.


Actual results:

Earylbird crashes.


Expected results:

Earylbird should have sent the email.
OS: Unspecified → Linux
Hardware: Unspecified → x86_64
Host OS is Fedora 25, desktop envirnoment is Gnome 3.22 and I am using the Wayland session instead of the Xorg one (I'm 99% sure that Earlybird runs on Wayland inside XWayland).
maybe Andre can assist you
Severity: normal → critical
Keywords: crash
Thanks for taking the time to report this!
Please provide a stacktrace of the crash. See https://developer.mozilla.org/en/How_to_get_a_stacktrace_for_a_bug_report . 
After doing this, please remove the "stackwanted" keyword from this report.
Flags: needinfo?(marko.m.kostic)
Keywords: stackwanted
The crash has been submitted by the Mozilla Crash Reporter. Crash ID is bp-f9b461dc-1493-4439-b5fd-9304a2160519. Is this what you wanted?
Sorry, that's the wrong crash id. The correct one is bp-0a29ac9d-376b-45dc-9823-aa5ed2161206.
Flags: needinfo?(marko.m.kostic)
yes :)
Keywords: crashcrashreportid
No crash on Windows with 52.0a2 (2016-12-06) (32-bit)
Not much going on in thread 0.  Nor in the raw dump. We really need a better dump.

[@ libxul.so@0xb18740 ]
Frame	Module	Signature
0 	libxul.so	libxul.so@0xb18740

Does it reproduce in safe mode?
With nightly build https://archive.mozilla.org/pub/thunderbird/nightly/latest-comm-central/ ?
Crash Signature: [@ libxul.so@0xb18740 ]
Flags: needinfo?(marko.m.kostic)
Keywords: crashreportidcrash, stackwanted
I found a way to narrow the crash. To reliably crash Earlybird when sending an email, the email you send from should contain an HTML signature.

Sending from an email account which doesn't have HTML signature configured does not crash Earlybird.

The crash happens in regular and in safe mode, in Daily and in Earylbird versions.
please (always) post all your newer crash ids.

Does your signature contain a link or image?
Can you attach the html to the bug?
Do you attach the signature from a file or do you type it in directly into the signature box?

Can you please answer this question and paste the signature here.

Magnus, we/you most likely caused this in "our favourite bug" (which has access limitations, that's why I won't quote the number here).
Flags: needinfo?(mkmelin+mozilla)
We've done some work in the area of adding the signature. I just tried and got no crash. So it must be a specific signature that causes the crash.
(In reply to Jorg K (GMT+1) from comment #11)
> 
> Magnus, we/you most likely caused this in "our favourite bug" (which has
> access limitations, that's why I won't quote the number here).

However, it is useful to those of us who do have access
Oops, wrong bug, mist likely caused by bug 1316570. Lots of digging around with the signature there:
https://hg.mozilla.org/comm-central/rev/dd4587a78cfd200881956427c8d3fd468aaf9758#l6.50

We must however have the crashing signature to debug this.
The signature has been configured in the Account settings (text pasted, checked the "Use HTML") button.

The HTML signature is work related and I am somewhat reluctant to attach it to a public forum. Is it possible to create a private attachement?
Send it to me via e-mail, please, just click on the "JK" to get my e-mail. I won't publish your signature ;-)
That's good to know. :D

Sent the sig to your email, Jorg.
I received the signature in question via a private message. It's quite a large block of HTML ;-)
It reproduced the crash upon sending a message with this signature. I'll look into it.

Stack:
xul.dll!nsMsgComposeAndSend::GetEmbeddedObjectInfo(nsIDOMNode * node, nsMsgAttachmentData * attachment, bool * acceptObject) Line 1408	C++
xul.dll!nsMsgComposeAndSend::GetMultipartRelatedCount(bool forceToBeCalculated) Line 1497	C++
xul.dll!nsMsgComposeAndSend::Init(nsIMsgIdentity * aUserIdentity, const char * aAccountKey, nsMsgCompFields * fields, nsIFile * sendFile, bool digest_p, bool dont_deliver_p, int mode, nsIMsgDBHdr * msgToReplace, const char * attachment1 [details] [diff] [review]_type, const nsACString_internal & attachment1 [details] [diff] [review]_body, nsIArray * attachments, nsIArray * preloaded_attachments, const char * password, const nsACString_internal & aOriginalMsgURI, int aType) Line 3026	C++
xul.dll!nsMsgComposeAndSend::CreateAndSendMessage(nsIEditor * aEditor, nsIMsgIdentity * aUserIdentity, const char * aAccountKey, nsIMsgCompFields * fields, bool digest_p, bool dont_deliver_p, int mode, nsIMsgDBHdr * msgToReplace, const char * attachment1 [details] [diff] [review]_type, const nsACString_internal & attachment1 [details] [diff] [review]_body, nsIArray * attachments, nsIArray * preloaded_attachments, mozIDOMWindowProxy * parentWindow, nsIMsgProgress * progress, nsIMsgSendListener * aListener, const char * password, const nsACString_internal & aOriginalMsgURI, int aType) Line 4046	C++
xul.dll!nsMsgCompose::SendMsgToServer(int deliverMode, nsIMsgIdentity * identity, const char * accountKey) Line 1273	C++
xul.dll!nsMsgCompose::SendMsg(int deliverMode, nsIMsgIdentity * identity, const char * accountKey, nsIMsgWindow * aMsgWindow, nsIMsgProgress * progress) Line 1473	C++

The code in question is:
  bool isHttp =
    (NS_SUCCEEDED(attachment->m_url->SchemeIs("http", &isHttp)) && isHttp) ||
    (NS_SUCCEEDED(attachment->m_url->SchemeIs("https", &isHttp)) && isHttp);
And attachment->m_url is sadly null :-(
Status: UNCONFIRMED → NEW
Ever confirmed: true
Flags: needinfo?(mkmelin+mozilla)
Flags: needinfo?(marko.m.kostic)
Fixing a crash you caused ;-)
Assignee: nobody → jorgk
Status: NEW → ASSIGNED
Attachment #8816998 - Flags: review?(mkmelin+mozilla)
Excellent!

Any ETA on how long it takes for the patch to get to the Earlybird, from master?
This is the signature that crashes stripped down. All personal details removed. I have actually not worked out what causes the crash exactly.

(In reply to Марко М. Костић (Marko M. Kostić)  [:Kostic] from comment #20)
> Any ETA on how long it takes for the patch to get to the Earlybird, from
> master?
If Magnus approves the patch tonight, it will be in Earlybird tomorrow ;-) Otherwise the day after it gets approved.
Ouch. I guess I haven't been watching nightly crash stats for a couple weeks.  This is our #1 crash in both...
https://crash-stats.mozilla.com/topcrashers/?product=Thunderbird&version=52.0a2
https://crash-stats.mozilla.com/topcrashers/?product=Thunderbird&version=53.0a1
Blocks: 316570
Crash Signature: [@ libxul.so@0xb18740 ] → [@ libxul.so@0xb18740 ] [@ nsMsgComposeAndSend::GetEmbeddedObjectInfo]
status-thunderbird52: --- → affected
status-thunderbird53: --- → affected
Component: Untriaged → Networking: SMTP
Keywords: stackwantedregression, topcrash-thunderbird
Product: Thunderbird → MailNews Core
Version: 52 Branch → 52
Comment on attachment 8817000 [details]
This is the signature that makes it crash (stripped down, of course)

You don't need this, this will already make it crash:

<a href="skype:name.surname.company?call" title="Skype">name.surname.Test</a>

A URL Gecko doesn't understand.
Attachment #8817000 - Attachment is obsolete: true
Same code, but nicer comment since we understand the problem now.
Attachment #8816998 - Attachment is obsolete: true
Attachment #8816998 - Flags: review?(mkmelin+mozilla)
Attachment #8817002 - Flags: review?(mkmelin+mozilla)
Comment on attachment 8817002 [details] [diff] [review]
1322223-crash-with-fancy-sig.patch (v1b).

Review of attachment 8817002 [details] [diff] [review]:
-----------------------------------------------------------------

LGTM, thx! r=mkmelin
Attachment #8817002 - Flags: review?(mkmelin+mozilla) → review+
Seems like you meant to block this one, not an old Mac installer bug. :)
Blocks: 1316570
Sorry Matt, I gave you the wrong bug. This was caused by the access-restricted bug.

I'll land my patch soon and close this bug here.
Blocks: 1151366
No longer blocks: 1316570
I'm landing something slightly different. Turns out that attachment->m_url was null if an error was ignored above. So proper error handling would have saved the day ;-)

I took the liberty to kill some super-ugly braces while I was there ;-)
Attachment #8817002 - Attachment is obsolete: true
Attachment #8817026 - Flags: review+
C-C (TB 53): https://hg.mozilla.org/comm-central/rev/8881e860371794a64312b206e086ec10f7f9a827
C-A (TB 52): https://hg.mozilla.org/releases/comm-aurora/rev/7268754697f9580ab2a546d52ffdd0fdbb404beb
Landed with yet another tweak to a comment ;-)

Daily and Earlybird of tomorrow won't show this crash any more.
Go and tell all your correspondents how to reach you on Skype ;-)
Status: ASSIGNED → RESOLVED
Closed: 8 years ago
status-thunderbird52: affectedfixed
status-thunderbird53: affectedfixed
Resolution: --- → FIXED
Target Milestone: --- → Thunderbird 53.0
Attachment #8817026 - Flags: approval-comm-aurora+
Summary: Sending email in Earlybird crashes Earylbird → Sending email in Earlybird 52 crashes when anchor with non-standard protocol is contained in the message, for example <a href="skype: ...">
(must have hit the wrong key)
Component: Networking: SMTP → Composition
v.fixed - no crashes starting with 2016-12-07 build
Status: RESOLVED → VERIFIED
Whiteboard: [regression:TB52]
See Also: → 1381485
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: