Closed
Bug 1571808
Opened 6 years ago
Closed 5 years ago
Crash in [@ arena_t::DallocSmall | je_free | nsIMAPGenericParser::ResetLexAnalyzer] via nsIMAPBodypart (corrupt or overwritten memory)
Categories
(MailNews Core :: Networking: IMAP, defect)
Tracking
(thunderbird_esr68- affected, thunderbird75 wontfix, thunderbird76 wontfix, thunderbird77 unaffected)
RESOLVED
WORKSFORME
| Tracking | Status | |
|---|---|---|
| thunderbird_esr68 | - | affected |
| thunderbird75 | --- | wontfix |
| thunderbird76 | --- | wontfix |
| thunderbird77 | --- | unaffected |
People
(Reporter: wsmwk, Unassigned)
References
Details
(Keywords: crash, regression)
Crash Data
First appears 68.0b<something>
This bug is for crash report bp-8309ceae-08a5-4c5e-8ffe-a6db50190710.
Top 10 frames of crashing thread:
0 mozglue.dll arena_t::DallocSmall memory/build/mozjemalloc.cpp:3257
1 mozglue.dll je_free memory/build/malloc_decls.h:41
2 xul.dll nsIMAPGenericParser::ResetLexAnalyzer comm/mailnews/imap/src/nsIMAPGenericParser.cpp:30
3 xul.dll nsImapServerResponseParser::ParseIMAPServerResponse comm/mailnews/imap/src/nsImapServerResponseParser.cpp:176
4 xul.dll nsImapProtocol::ParseIMAPandCheckForNewMail comm/mailnews/imap/src/nsImapProtocol.cpp:1905
5 xul.dll nsImapProtocol::FetchMessage comm/mailnews/imap/src/nsImapProtocol.cpp:3585
6 xul.dll nsImapProtocol::FetchTryChunking comm/mailnews/imap/src/nsImapProtocol.cpp:3631
7 xul.dll nsIMAPBodypart::GeneratePart comm/mailnews/imap/src/nsIMAPBodyShell.cpp:413
8 xul.dll nsIMAPBodypartLeaf::Generate comm/mailnews/imap/src/nsIMAPBodyShell.cpp:529
9 xul.dll nsIMAPBodypartMultipart::Generate comm/mailnews/imap/src/nsIMAPBodyShell.cpp:894
|
Reporter | |
Updated•6 years ago
|
Version: unspecified → 68
|
||
Comment 1•6 years ago
|
||
Doesn't look good: nsIMAPGenericParser.cpp:30 is
void nsIMAPGenericParser::ResetLexAnalyzer() {
30 PR_FREEIF(fCurrentLine);
PR_FREEIF(fStartOfLineOfTokens);
So "free if" will check for null. If it crashes in the free, that means that the memory is corrupt, has been overwritten or some such :-(
|
|
Reporter | |
Comment 2•5 years ago
|
||
signatures with lower crash rates
- arena_t::DallocSmall | arena_dalloc | Allocator<T>::free | nsIMAPGenericParser::ResetLexAnalyzer (beta)
- je_free | nsIMAPGenericParser::ResetLexAnalyzer
- arena_t::DallocSmall | arena_dalloc | nsIMAPGenericParser::ResetLexAnalyzer
Crash Signature: [@ arena_t::DallocSmall | je_free | nsIMAPGenericParser::ResetLexAnalyzer] → [@ arena_t::DallocSmall | je_free | nsIMAPGenericParser::ResetLexAnalyzer]
[@ t::DallocSmall | arena_dalloc | Allocator<T>::free | nsIMAPGenericParser::ResetLexAnalyzer]
[@ je_free | nsIMAPGenericParser::ResetLexAnalyzer]
[@ arena_t::DallocSmall | aren…
status-thunderbird75:
--- → wontfix
status-thunderbird76:
--- → affected
status-thunderbird_esr68:
--- → affected
tracking-thunderbird_esr68:
--- → ?
Keywords: topcrash-thunderbird
Summary: Crash in [@ arena_t::DallocSmall | je_free | nsIMAPGenericParser::ResetLexAnalyzer] → Crash in [@ arena_t::DallocSmall | je_free | nsIMAPGenericParser::ResetLexAnalyzer] via nsIMAPBodypart (corrupt or overwritten memory)
|
|
Reporter | |
Comment 3•5 years ago
|
||
Not seen in version 77 nor so far in 78. Though still happening in 68.*
bug 1581390 - nsIMAPGenericParser::ResetLexAnalyze- has similar characteristics
status-thunderbird77:
--- → unaffected
Keywords: topcrash-thunderbird
|
|
Reporter | |
Updated•5 years ago
|
Status: NEW → RESOLVED
Closed: 5 years ago
Resolution: --- → WORKSFORME
You need to log in
before you can comment on or make changes to this bug.
Description
•