Closed Bug 14143 Opened 25 years ago Closed 25 years ago

Crash when no stream convert found

Categories

(MailNews Core :: Networking, defect, P3)

Product:
MailNews Core
Component:
Networking
Platform:
x86
Windows NT
Type:
defect

Tracking

(Not tracked)

Status:
VERIFIED FIXED

People

(Reporter: jefft, Assigned: jud)

Details

Jud, looks like we are dereferencing a null pointer which causes to crash. Stack
follows:

    SCTableData *data = (SCTableData*)lBFSTable.Get(source);
==>    BFSState *state = (BFSState*)data->data;
    // XXX probably don't need this check.
    if (!state) return NS_ERROR_FAILURE;

    state->color = gray;
    state->distance = 0;
    nsDeque *grayQ = new nsDeque(0);

+	data	0x00000000
+	lBFSTable	{...}
+	source	0x04aa7340
+	state	0x045085c4
+	this	0x04183570


nsStreamConverterService::FindConverter(const char * 0x04aa6220, nsVoidArray * *
0x0012dfb4) line 346 + 3 bytes
nsStreamConverterService::AsyncConvertData(nsStreamConverterService * const
0x04183570, const unsigned short * 0x0012e08c, const unsigned short *
0x0012e11c, nsIStreamListener * 0x04aa7bf8, nsISupports * 0x04aa0b70,
nsIStreamListener * * 0x0012e164) line 611 + 16 bytes
nsMessenger::SaveAs(nsMessenger * const 0x030b28c0, const char * 0x04aa0fc0, int
1) line 584 + 114 bytes
XPTC_InvokeByIndex(nsISupports * 0x030b28c0, unsigned int 31, unsigned int 2,
nsXPTCVariant * 0x0012e33c) line 135
nsXPCWrappedNativeClass::CallWrappedMethod(JSContext * 0x021030d0,
nsXPCWrappedNative * 0x030b76e0, const XPCNativeMemberDescriptor * 0x030b7d24,
nsXPCWrappedNativeClass::CallMode CALL_METHOD, unsigned int 2, long *
0x0387e74c, long * 0x0012e55c) line 661 + 44 bytes
WrappedNative_CallMethod(JSContext * 0x021030d0, JSObject * 0x01e3eb08, unsigned
int 2, long * 0x0387e74c, long * 0x0012e55c) line 170 + 34 bytes
js_Invoke(JSContext * 0x021030d0, unsigned int 2, unsigned int 0) line 654 + 26
bytes
js_Interpret(JSContext * 0x021030d0, long * 0x0012ed8c) line 2228 + 15 bytes
js_Invoke(JSContext * 0x021030d0, unsigned int 0, unsigned int 0) line 670 + 13
bytes
js_Interpret(JSContext * 0x021030d0, long * 0x0012f578) line 2228 + 15 bytes
js_Invoke(JSContext * 0x021030d0, unsigned int 1, unsigned int 2) line 670 + 13
bytes
js_InternalCall(JSContext * 0x021030d0, JSObject * 0x01e3ef80, long 31715208,
unsigned int 1, long * 0x0012f694, long * 0x0012f6fc) line 747 + 15 bytes
JS_CallFunctionValue(JSContext * 0x021030d0, JSObject * 0x01e3ef80, long
31715208, unsigned int 1, long * 0x0012f694, long * 0x0012f6fc) line 2662 + 29
bytes
nsJSEventListener::HandleEvent(nsIDOMEvent * 0x04aa5e50) line 110 + 43 bytes
nsEventListenerManager::HandleEvent(nsIPresContext & {...}, nsEvent *
0x0012f918, nsIDOMEvent * * 0x0012f8e0, unsigned int 7, nsEventStatus &
nsEventStatus_eIgnore) line 1158 + 27 bytes
RDFElementImpl::HandleDOMEvent(RDFElementImpl * const 0x032eaf90, nsIPresContext
& {...}, nsEvent * 0x0012f918, nsIDOMEvent * * 0x0012f8e0, unsigned int 1,
nsEventStatus & nsEventStatus_eIgnore) line 2878
nsMenuFrame::Execute() line 956
nsMenuFrame::HandleEvent(nsMenuFrame * const 0x038a6938, nsIPresContext & {...},
nsGUIEvent * 0x0012fbe8, nsEventStatus & nsEventStatus_eConsumeDoDefault) line
238
PresShell::HandleEvent(PresShell * const 0x02a8cb34, nsIView * 0x045f1510,
nsGUIEvent * 0x0012fbe8, nsEventStatus & nsEventStatus_eConsumeDoDefault) line
2019 + 38 bytes
nsView::HandleEvent(nsView * const 0x045f1510, nsGUIEvent * 0x0012fbe8, unsigned
int 8, nsEventStatus & nsEventStatus_eConsumeDoDefault, int & 0) line 828
nsView::HandleEvent(nsView * const 0x02a8cf90, nsGUIEvent * 0x0012fbe8, unsigned
int 28, nsEventStatus & nsEventStatus_eConsumeDoDefault, int & 0) line 813
nsViewManager::DispatchEvent(nsViewManager * const 0x02a881c0, nsGUIEvent *
0x0012fbe8, nsEventStatus & nsEventStatus_eConsumeDoDefault) line 1644
HandleEvent(nsGUIEvent * 0x0012fbe8) line 63
nsWindow::DispatchEvent(nsWindow * const 0x045f3ee4, nsGUIEvent * 0x0012fbe8,
nsEventStatus & nsEventStatus_eIgnore) line 332 + 10 bytes
nsWindow::DispatchWindowEvent(nsGUIEvent * 0x0012fbe8) line 353
nsWindow::DispatchMouseEvent(unsigned int 301, nsPoint * 0x00000000) line 3160 +
21 bytes
ChildWindow::DispatchMouseEvent(unsigned int 301, nsPoint * 0x00000000) line
3378
nsWindow::ProcessMessage(unsigned int 514, unsigned int 0, long 655410, long *
0x0012fe08) line 2394 + 24 bytes
nsWindow::WindowProc(HWND__ * 0x002f0408, unsigned int 514, unsigned int 0, long
655410) line 401 + 27 bytes
USER32! 77e71820()
Status: NEW → ASSIGNED
Yea. I've seen this too. We're not supposed to get this far though. I need to
look at this. What stream converter are you trying to load? i.e. which from/to
types? And, have you registered them?
Whiteboard: I've got a fix
I've got a fix for this. I had originally written the code assuming, :), that
no-one would try to find a converter that wasn't regsistered. Poor assumption.
I'll checkin the fix when the tree opens.
Cool. Thanks much. I was hoping that someone already implemented text/html to
text/plain stream converter. So, I tried it with from = "message/rfc822" and to
= "text/plain"
fixed checked in 9/17/99 11am pac time
Status: ASSIGNED → RESOLVED
Closed: 25 years ago
Resolution: --- → FIXED
Whiteboard: I've got a fix
Status: RESOLVED → VERIFIED
Per jeff, this is now working.
Product: MailNews → Core
Product: Core → MailNews Core
You need to log in before you can comment on or make changes to this bug.