Closed Bug 1581390 Opened 5 years ago Closed 2 years ago

Crash in [@ arena_t::DallocSmall | je_free | nsImapServerResponseParser::ParseIMAPServerResponse] - something going wrong with fCurrentLine

Categories

(MailNews Core :: Networking: IMAP, defect)

Product:
MailNews Core
Component:
Networking: IMAP
Platform:
x86
Windows 10
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

(Not tracked)

Status:
RESOLVED INCOMPLETE

People

(Reporter: wsmwk, Unassigned)

References

Details

(Keywords: crash)

Crash Data

This bug is for crash report bp-96ad71ce-e698-4327-918b-ef1720190914.

Top 10 frames of crashing thread:

0 mozglue.dll arena_t::DallocSmall memory/build/mozjemalloc.cpp:3257
1 mozglue.dll je_free memory/build/malloc_decls.h:41
2 xul.dll nsImapServerResponseParser::ParseIMAPServerResponse comm/mailnews/imap/src/nsImapServerResponseParser.cpp:163
3 xul.dll nsImapProtocol::ParseIMAPandCheckForNewMail comm/mailnews/imap/src/nsImapProtocol.cpp:1903
4 xul.dll nsImapProtocol::FetchMessage comm/mailnews/imap/src/nsImapProtocol.cpp:3583
5 xul.dll nsImapProtocol::FetchTryChunking comm/mailnews/imap/src/nsImapProtocol.cpp:3629
6 xul.dll nsIMAPBodypart::GeneratePart comm/mailnews/imap/src/nsIMAPBodyShell.cpp:413
7 xul.dll nsIMAPBodypartLeaf::Generate comm/mailnews/imap/src/nsIMAPBodyShell.cpp:529
8 xul.dll nsIMAPBodypartMultipart::Generate comm/mailnews/imap/src/nsIMAPBodyShell.cpp:894
9 xul.dll nsIMAPBodypartMultipart::Generate comm/mailnews/imap/src/nsIMAPBodyShell.cpp:894
See Also: → 1571808

Not seen in version 77 nor so far in 78. Though still happening in 68.*
bug 1571808 - nsIMAPGenericParser::ResetLexAnalyze- has similar characteristics

Status: NEW → RESOLVED
Closed: 4 years ago
Resolution: --- → WORKSFORME

(In reply to Wayne Mery (:wsmwk) from comment #1)

Not seen in version 77 nor so far in 78. Though still happening in 68.*
bug 1571808 - nsIMAPGenericParser::ResetLexAnalyze- has similar characteristics

In retrospect apparently I was not conservative enough in examining the numbers, at least by what can be seen in July 2020 numbers per https://crash-stats.mozilla.org/signature/?signature=arena_t%3A%3ADallocSmall%20%7C%20je_free%20%7C%20nsImapServerResponseParser%3A%3AParseIMAPServerResponse&date=%3E%3D2020-06-26T18%3A53%3A00.000Z&date=%3C2020-12-26T18%3A53%3A00.000Z#summary

Also, we have arena_t::DallocSmall | je_free | nsIMAPGenericParser::AdvanceToNextLine bp-17973d7d-3856-4b62-ad41-4f3150201224
0 mozglue.dll arena_t::DallocSmall(arena_chunk_t*, void*, arena_chunk_map_t*) memory/build/mozjemalloc.cpp:3337
1 mozglue.dll je_free(void*) memory/build/malloc_decls.h:54
2 xul.dll nsIMAPGenericParser::AdvanceToNextLine() comm/mailnews/imap/src/nsIMAPGenericParser.cpp:116
3 xul.dll nsImapServerResponseParser::msg_fetch_literal(bool, int) comm/mailnews/imap/src/nsImapServerResponseParser.cpp:2701
4 xul.dll nsImapServerResponseParser::msg_fetch_content(bool, int, char const*) comm/mailnews/imap/src/nsImapServerResponseParser.cpp:1864
5 xul.dll nsImapServerResponseParser::mime_part_data() comm/mailnews/imap/src/nsImapServerResponseParser.cpp:2314
6 xul.dll nsImapServerResponseParser::msg_fetch() comm/mailnews/imap/src/nsImapServerResponseParser.cpp:0
7 xul.dll nsImapServerResponseParser::response_data() comm/mailnews/imap/src/nsImapServerResponseParser.cpp:658
8 xul.dll nsImapServerResponseParser::ParseIMAPServerResponse(char const*, bool, char*) comm/mailnews/imap/src/nsImapServerResponseParser.cpp:188
9 xul.dll nsImapProtocol::ParseIMAPandCheckForNewMail(char const*, bool) comm/mailnews/imap/src/nsImapProtocol.cpp:1957
10 xul.dll nsImapProtocol::FetchMessage(nsTString<char> const&, <unnamed-tag>, char const*, unsigned int, unsigned int, char*) comm/mailnews/imap/src/nsImapProtocol.cpp:3640
11 xul.dll nsImapProtocol::FetchTryChunking(nsTString<char> const&, <unnamed-tag>, bool, char*, unsigned int, bool) comm/mailnews/imap/src/nsImapProtocol.cpp:3690
12 xul.dll nsIMAPBodypart::GeneratePart(nsIMAPBodyShell*, bool, bool) comm/mailnews/imap/src/nsIMAPBodyShell.cpp:412
13 xul.dll nsIMAPBodypartLeaf::Generate(nsIMAPBodyShell*, bool, bool) comm/mailnews/imap/src/nsIMAPBodyShell.cpp:528
14 xul.dll nsIMAPBodypartMultipart::Generate(nsIMAPBodyShell*, bool, bool) comm/mailnews/imap/src/nsIMAPBodyShell.cpp:893
15 xul.dll nsIMAPBodypartMultipart::Generate(nsIMAPBodyShell*, bool, bool) comm/mailnews/imap/src/nsIMAPBodyShell.cpp:893
16 xul.dll nsIMAPBodypartMessage::Generate(nsIMAPBodyShell*, bool, bool) comm/mailnews/imap/src/nsIMAPBodyShell.cpp:764
17 xul.dll nsIMAPBodyShell::Generate(char*) comm/mailnews/imap/src/nsIMAPBodyShell.cpp:227

Status: RESOLVED → REOPENED
Crash Signature: [@ arena_t::DallocSmall | je_free | nsImapServerResponseParser::ParseIMAPServerResponse] → [@ arena_t::DallocSmall | je_free | nsImapServerResponseParser::ParseIMAPServerResponse] [@ arena_t::DallocSmall | je_free | nsIMAPGenericParser::AdvanceToNextLine]
Flags: needinfo?(gds)
Resolution: WORKSFORME → ---
See Also: → 1581766

In both cases, call to PR_FREEIF(fCurrentLine); is crashing. But PR_FREEIF() is supposed to ignore a null parameter. So must be something going wrong with fCurrentLine other than being null/0. Other than this obvious observation, I have no useful info.

Flags: needinfo?(gds)
See Also: → 628646
Summary: Crash in [@ arena_t::DallocSmall | je_free | nsImapServerResponseParser::ParseIMAPServerResponse] → Crash in [@ arena_t::DallocSmall | je_free | nsImapServerResponseParser::ParseIMAPServerResponse] - something going wrong with fCurrentLine

Signature does not exist in version 102.

(In reply to gene smith from comment #3)

In both cases, call to PR_FREEIF(fCurrentLine); is crashing. But PR_FREEIF() is supposed to ignore a null parameter. So must be something going wrong with fCurrentLine other than being null/0. Other than this obvious observation, I have no useful info.

Worth keeping open?

Flags: needinfo?(mkmelin+mozilla)

IDK, but we're a bit unlikely to fix it.

Flags: needinfo?(mkmelin+mozilla)

true

Status: REOPENED → RESOLVED
Closed: 4 years ago2 years ago
Resolution: --- → INCOMPLETE
You need to log in before you can comment on or make changes to this bug.