Closed
Bug 1364977
Opened 8 years ago
Closed 8 years ago
e-mail compose in SeaMonkey crashes [@ InvalidArrayIndex_CRASH | nsTArray_Impl<T>::ElementAt | nsCommandManager::CommandStatusChanged ]
Categories
(SeaMonkey :: MailNews: Composition, defect, P3)
Tracking
(seamonkey2.48 fixed, seamonkey2.49esr fixed, seamonkey2.50 wontfix, seamonkey2.51 fixed, seamonkey2.52 fixed)
RESOLVED
FIXED
seamonkey2.52
People
(Reporter: frg, Assigned: frg)
References
Details
(Keywords: crash, regression)
Crash Data
Attachments
(2 files, 3 obsolete files)
5.84 KB,
patch
|
frg
:
review+
iannbugzilla
:
approval-comm-beta+
iannbugzilla
:
approval-comm-release+
iannbugzilla
:
approval-comm-esr52+
|
Details | Diff | Splinter Review |
1.02 KB,
patch
|
aceman
:
review+
|
Details | Diff | Splinter Review |
+++ This bug was initially created as a clone of Bug #1308923 +++
User agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0 SeaMonkey/2.48a2
Build identifier: 20161006025928
Reproduction:
1. open new message compose windows with Ctrl+M
Actual:
New window appears and than SeaMonkey crashes.
https://crash-stats.mozilla.com/report/index/7c766d92-2115-49be-b8b3-855732161010
MOZ_CRASH Reason ElementAt(aIndex = 2, aLength = 2)
I am creating a new bug for SeaMonkey only because it also happens in Thunderbird with different code in place. The cause for this must be different.
In SeaMonkey it happens in:
https://dxr.mozilla.org/comm-central/source/suite/mailnews/compose/MsgComposeCommands.js
The obs_documentCreated observer is removed while observing said topic. This causes a crash in embedding/components/commandhandler/nsCommandManager.cpp because the observer array size is not supposed to change there. It does not happen on all systems.
Assignee | ||
Comment 1•8 years ago
|
||
I am not so familiar with commandObservers. I am assuming that each editor has its own CommandManager and can have different observers. If this is not the case the patch might need changes. Tested with several windows and it worked. No errors reported in the console.
Attachment #8867793 -
Flags: review?(iann_bugzilla)
Assignee | ||
Updated•8 years ago
|
Blocks: 2.49BulkMalfunctions
Assignee | ||
Updated•8 years ago
|
Blocks: 2.51BulkMalfunctions
Assignee | ||
Updated•8 years ago
|
Blocks: 2.52BulkMalfunctions
Comment on attachment 8867793 [details] [diff] [review]
1364977-messagecrash.patch
Is it worth revisiting the some of the suggestions from bug 468740?
Assignee | ||
Comment 3•8 years ago
|
||
Not removing the observer in the observer causes bug 468740 again. Per Neil in Bug 468740 Comment 4 using the openURL function from toolkit's contentAreaUtils.js could be used. I opted to take the OpenSelectedAttachment function from TBs OpenSelectedAttachment MsgComposeCommands.js which more or less does the same. Just Reformatted it.
Instead of the call to Services.io.newChannelFromURI2 this could be used:
> let channel = NetUtil.newChannel({
> uri,
> loadUsingSystemPrincipal: true
> });
But it uses the same exact call to newChannelFromURI2 internally and for clarity I actually prefer the TB code.
Attachment #8867793 -
Attachment is obsolete: true
Attachment #8867793 -
Flags: review?(iann_bugzilla)
Attachment #8869848 -
Flags: review?(iann_bugzilla)
Assignee | ||
Updated•8 years ago
|
Blocks: SeaMonkey2.49ESR
tracking-seamonkey2.48:
--- → ?
Comment on attachment 8869848 [details] [diff] [review]
1364977-messagecrash-V2.patch
> function OpenSelectedAttachment()
> {
>+ let bucket = document.getElementById("attachmentBucket");
>+ if (bucket.selectedItems.length == 1) {
>+ let attachmentUrl = bucket.getSelectedItem(0).attachment.url;
>+
>+ let messagePrefix = /^mailbox-message:|^imap-message:|^news-message:/i;
>+ if (messagePrefix.test(attachmentUrl)) {
>+ // We must be dealing with a forwarded attachment, treat this special.
Nit: specially
>+ let msgHdr = gMessenger.messageServiceFromURI(attachmentUrl).messageURIToMsgHdr(attachmentUrl);
I'd prefer to stick with gMessenger.msgHdrFromURI(attachmentUrl) here.
r=me
Attachment #8869848 -
Flags: review?(iann_bugzilla) → review+
Assignee | ||
Comment 5•8 years ago
|
||
NIT fixed. First thought the different message header processing was a recent change but it seems to be so for ages. Only did go back to 1.9.1.
https://hg.mozilla.org/comm-central/rev/1694753e30a0ca0f1231f59bd63aee43bf5728e9
[Approval Request Comment]
Regression caused by (bug #):
User impact if declined: SeaMonkey might crash when trying to compose an email.
Testing completed (on m-c, etc.): comm-esr52 to comm-central
Risk to taking this patch (and alternatives if risky): low risk and no alternative.
String changes made by this patch: none
c-r approval is meant for 2.48
Attachment #8869848 -
Attachment is obsolete: true
Attachment #8874359 -
Flags: review+
Attachment #8874359 -
Flags: approval-comm-release?
Attachment #8874359 -
Flags: approval-comm-esr52?
Attachment #8874359 -
Flags: approval-comm-beta?
Assignee | ||
Updated•8 years ago
|
Assignee | ||
Updated•8 years ago
|
Status: ASSIGNED → RESOLVED
Closed: 8 years ago
Resolution: --- → FIXED
Target Milestone: --- → seamonkey2.52
Version: Trunk → SeaMonkey 2.47 Branch
Comment on attachment 8874359 [details] [diff] [review]
1364977-messagecrash-V2a.patch
a=me for the requested repos
Attachment #8874359 -
Flags: approval-comm-release?
Attachment #8874359 -
Flags: approval-comm-release+
Attachment #8874359 -
Flags: approval-comm-esr52?
Attachment #8874359 -
Flags: approval-comm-esr52+
Attachment #8874359 -
Flags: approval-comm-beta?
Attachment #8874359 -
Flags: approval-comm-beta+
Assignee | ||
Comment 7•8 years ago
|
||
Assignee | ||
Updated•8 years ago
|
tracking-seamonkey2.48:
? → ---
Assignee | ||
Comment 8•8 years ago
|
||
Drat I goofed. Forgot that the patch needed 2 small changes for 2.48 and 2.49:
https://hg.mozilla.org/releases/comm-esr52/rev/7f2073ee1fa4dc0fdf75f65d0228cdfeafc7bba1
https://hg.mozilla.org/releases/comm-release/rev/156fd1a6486a07df761b712c01621a37716f36b2
So is this also needed in Thunderbird? Is bug 1308923 the TB version?
Comment 10•7 years ago
|
||
As FRG observed in bug 1308923 comment #28, we never remove the observer added with this call:
GetCurrentCommandManager().
addCommandObserver(gMsgEditorCreationObserver, "obs_documentCreated");
For good house-keeping we could remove it in ComposeUnload().
We already have the nsAttachmentOpener stuff from the SM patch.
Comment 11•7 years ago
|
||
Attachment #8875483 -
Flags: review?(acelists)
Comment 12•7 years ago
|
||
Attachment #8875483 -
Attachment is obsolete: true
Attachment #8875483 -
Flags: review?(acelists)
Attachment #8875485 -
Flags: review?(acelists)
Comment 13•7 years ago
|
||
Comment on attachment 8875485 [details] [diff] [review]
1364977.patch - TB patch for the same issue.
Review of attachment 8875485 [details] [diff] [review]:
-----------------------------------------------------------------
Thanks. So does this fix bug 1308923 or is that different?
Attachment #8875485 -
Flags: review?(acelists) → review+
Assignee | ||
Comment 14•7 years ago
|
||
aceman. Not sure but I think not. The problem here was that it was removed during notification processing so the array used in the calling code changed. That is also why I spun off this bug. There must be other causes for this but probably only add-on related.
Comment 15•7 years ago
|
||
Landed for Thunderbird, won't do uplifts:
https://hg.mozilla.org/comm-central/rev/16d84314fbf7d7b505aeee78674127f38dc1d1a9
Sorry for hijacking your bug ;-)
Assignee | ||
Updated•7 years ago
|
No longer blocks: 2.51BulkMalfunctions
Assignee | ||
Updated•7 years ago
|
Blocks: 2.51BulkMalfunctions
You need to log in
before you can comment on or make changes to this bug.
Description
•