Crash in [@ mozilla::detail::InvalidArrayIndex_CRASH | nsMsgDBView::NavigateFromPos]
Categories
(MailNews Core :: Backend, defect)
Tracking
(thunderbird_esr102 fixed)
| Tracking | Status | |
|---|---|---|
| thunderbird_esr102 | --- | fixed |
People
(Reporter: wsmwk, Assigned: mkmelin)
References
Details
(Keywords: crash, Whiteboard: [snnot3p])
Crash Data
Attachments
(1 file)
|
48 bytes,
text/x-phabricator-request
|
wsmwk
:
approval-comm-esr102+
|
Details | Review |
Crash report: https://crash-stats.mozilla.org/report/index/61c28925-01ee-44e0-a332-211750230409
Reason: EXC_BAD_ACCESS / KERN_INVALID_ADDRESS
Deleted a few messages from search results.
Top 10 frames of crashing thread:
0 libmozglue.dylib MOZ_Crash mfbt/Assertions.h:261
0 libmozglue.dylib mozilla::detail::InvalidArrayIndex_CRASH mfbt/Assertions.cpp:50
1 XUL nsMsgDBView::NavigateFromPos mailnews/base/src/nsMsgDBView.cpp
2 XUL nsMsgDBView::ViewNavigate mailnews/base/src/nsMsgDBView.cpp:6240
3 XUL _NS_InvokeByIndex
4 XUL CallMethodHelper::Invoke js/xpconnect/src/XPCWrappedNative.cpp:1626
4 XUL CallMethodHelper::Call js/xpconnect/src/XPCWrappedNative.cpp:1179
4 XUL XPCWrappedNative::CallMethod js/xpconnect/src/XPCWrappedNative.cpp:1125
5 XUL XPC_WN_CallMethod js/xpconnect/src/XPCWrappedNativeJSOps.cpp:965
6 XUL CallJSNative js/src/vm/Interpreter.cpp:459
|
Reporter | |
Updated•1 year ago
|
|
|
Reporter | |
Comment 1•1 year ago
|
||
(In reply to Wayne Mery (:wsmwk) from comment #0)
Crash report: https://crash-stats.mozilla.org/report/index/61c28925-01ee-44e0-a332-211750230409
Reason:
EXC_BAD_ACCESS / KERN_INVALID_ADDRESSDeleted a few messages from search results.
bp-fe5804e7-da8e-4b16-9cdf-d8a440230424 113.0b3
More specific.
- Open a global search results list
- pick a message that will have several messages in its thread
- open in conversation
- click on one of the messages
- delete all messages except the last one the message list does not update, all the messages are still shown)
- try to navigate the list or click on one of the "deleted" messages
Bug 515400 comment 0 and bug 515400 comment 14 also have similar steps to reproduce.
There are other signatures with nsMsgDBView::NavigateFromPos on the stack but unclear which, if any, are related
|
Assignee | |
Comment 2•1 year ago
|
||
It looks possible that if invalid (too large) startIndex as passed in, we would crash.
|
||
Updated•1 year ago
|
|
|
Assignee | |
Updated•1 year ago
|
Pushed by mkmelin@iki.fi:
https://hg.mozilla.org/comm-central/rev/e32bae9b0636
Try to fix crash in [@ mozilla::detail::InvalidArrayIndex_CRASH | nsMsgDBView::NavigateFromPos]. r=BenC
|
|
Assignee | |
Comment 4•1 year ago
|
||
Comment on attachment 9330290 [details]
Bug 1827121 - Try to fix crash in [@ mozilla::detail::InvalidArrayIndex_CRASH | nsMsgDBView::NavigateFromPos]. r=BenC
[Approval Request Comment]
Crash fix, has been on beta.
|
|
Reporter | |
Comment 5•1 year ago
|
||
Comment on attachment 9330290 [details]
Bug 1827121 - Try to fix crash in [@ mozilla::detail::InvalidArrayIndex_CRASH | nsMsgDBView::NavigateFromPos]. r=BenC
[Triage Comment]
Approved for esr102
|
||
Comment 6•1 year ago
|
||
| bugherder uplift | ||
Thunderbird 102.11.1:
https://hg.mozilla.org/releases/comm-esr102/rev/7e15533cf619
Description
•