Closed Bug 1730389 Opened 11 months ago Closed 11 months ago

Crash in [@ InvalidArrayIndex_CRASH | nsMsgFilterAfterTheFact::ApplyFilter]

Categories

(Thunderbird :: General, defect)

Thunderbird 91
Unspecified
All
defect

Tracking

(thunderbird_esr91+ verified)

RESOLVED FIXED
94 Branch
Tracking Status
thunderbird_esr91 + verified

People

(Reporter: wsmwk, Assigned: mkmelin)

References

(Blocks 1 open bug)

Details

(Keywords: crash)

Crash Data

Attachments

(1 file)

another example of bug 1729778?

#47 crash for TB 91.1.0

Crash report: https://crash-stats.mozilla.org/report/index/151f2767-0f31-4459-af3a-570730210911

MOZ_CRASH Reason: ElementAt(aIndex = 0, aLength = 0)

Top 10 frames of crashing thread:

0 xul.dll InvalidArrayIndex_CRASH xpcom/ds/nsTArray.cpp:28
1 xul.dll nsMsgFilterAfterTheFact::ApplyFilter comm/mailnews/search/src/nsMsgFilterService.cpp:992
2 xul.dll nsMsgSearchSession::NotifyListenersDone comm/mailnews/search/src/nsMsgSearchSession.cpp:467
3 xul.dll static nsMsgSearchSession::TimerCallback comm/mailnews/search/src/nsMsgSearchSession.cpp:410
4 xul.dll nsTimerImpl::Fire xpcom/threads/nsTimerImpl.cpp:618
5 xul.dll nsTimerEvent::Run xpcom/threads/TimerThread.cpp:248
6 xul.dll mozilla::RunnableTask::Run xpcom/threads/TaskController.cpp:502
7 xul.dll mozilla::TaskController::DoExecuteNextTaskOnlyMainThreadInternal xpcom/threads/TaskController.cpp:805
8 xul.dll mozilla::TaskController::ExecuteNextTaskOnlyMainThreadInternal xpcom/threads/TaskController.cpp:641
9 xul.dll mozilla::TaskController::ProcessPendingMTTask xpcom/threads/TaskController.cpp:425
Flags: needinfo?(benc)

Looks like the whole logging should be removed here: https://searchfox.org/comm-central/rev/15a241fd84b92b74caf0b75d70ffed980b3397d1/mailnews/search/src/nsMsgFilterService.cpp#992
If it failed, I don't think [0] would be accurate. It's crashing here because the array length is 0.

(In reply to Magnus Melin [:mkmelin] from comment #1)

If it failed, I don't think [0] would be accurate. It's crashing here because the array length is 0.

Yes. It's unclear to me if having an empty array is valid at this point or not. I suspect it isn't valid - why would you ever apply a filter to an empty set of messages? I think there's something going wrong further up the chain. I'll keep poking about.

Blocks: tb91found
Assignee: nobody → mkmelin+mozilla
Status: NEW → ASSIGNED
Flags: needinfo?(benc)

Pushed by mkmelin@iki.fi:
https://hg.mozilla.org/comm-central/rev/b82f66318b5b
fix Crash in [@ InvalidArrayIndex_CRASH | nsMsgFilterAfterTheFact::ApplyFilter]. r=benc

Status: ASSIGNED → RESOLVED
Closed: 11 months ago
Resolution: --- → FIXED
Target Milestone: --- → 94 Branch
OS: Windows 10 → All

Comment on attachment 9244064 [details]
Bug 1730389 - fix Crash in [@ InvalidArrayIndex_CRASH | nsMsgFilterAfterTheFact::ApplyFilter]. r=benc

[Approval Request Comment]
Crash fix, not risky.

Attachment #9244064 - Flags: approval-comm-esr91?

Comment on attachment 9244064 [details]
Bug 1730389 - fix Crash in [@ InvalidArrayIndex_CRASH | nsMsgFilterAfterTheFact::ApplyFilter]. r=benc

[Triage Comment]
Approved for esr91

Attachment #9244064 - Flags: approval-comm-esr91? → approval-comm-esr91+

I can see in crash-stats there are no reports from 91.2.1, so v.fixed

You need to log in before you can comment on or make changes to this bug.