Closed Bug 223920 Opened 22 years ago Closed 22 years ago

mailnews crashes if you try to open an attached email with a non-lowercase mime type

Categories

(MailNews Core :: MIME, defect)

Product:
MailNews Core
Component:
MIME
Platform:
x86
All
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED FIXED

People

(Reporter: samuel, Assigned: sspitzer)

Details

(Keywords: crash)

Attachments

(3 files)

here's a message
8.83 KB, message/rfc822
Details
log of opening the message
90.33 KB, text/plain
Details
proposed fix
1.01 KB, patch
Details | Diff | Splinter Review
As often occurs when forwarding email, an entire email message is attached. When a WebTV user forwards such a message it has content-type of "Message/RFC822". This *is* valid according to RFC 2045 - "Matching of media type and subtype is ALWAYS case-insensitive". However, mailnews will go into an infinite recursion with the following stack trace (repeated endlessly): #10 0x425b6c31 in nsDocumentOpenInfo::OnStartRequest(nsIRequest*, nsISupports*) (this=0x8fce0c8, request=0x88005d0, aCtxt=0x0) at nsURILoader.cpp:272 #11 0x43d46bd3 in nsStreamConverter::OnStartRequest(nsIRequest*, nsISupports*) (this=0x8fce358, request=0x88005d0, ctxt=0x0) at nsStreamConverter.cpp:997
Keywords: crash
To be more clear, the "this" values keep changing, it's not looping on the same objects, it creates new ones each time.
Note that the nsIChannel api says (http://lxr.mozilla.org/seamonkey/source/netwerk/base/public/nsIChannel.idl#122): "The value of the contentType attribute is a lowercase string." That is, the channel is supposed to handle getting it into lowercase. Does mailnews actually do that? Finally, which exact build are you using? Is it pretty recent? If so, could you apply the patch in bug 223694 and attach a log generated with that patch to this bug? NSPR_LOG_MODULES=URILoader:5 is what you'll want. I'd like to keep the URILoader from hanging even in the face of hostile channels and stream converters if possible....
hm, I thought I fixed some mailnews channels to really return a lowercase string for the contenttype. which mozilla version are you using, and what kind of message did you load? (nntp, imap, local mailbox)?
It happens with both imap and local. I'm using a CVS build that's a couple of days old. When I was looking at it in the debugger, the mime type does appear to get lowercased. From this part of the stack trace: #8 0x425b7e61 in nsDocumentOpenInfo::ConvertData(nsIRequest*, nsIURIContentListener*, nsACString const&, nsACString const&) (this=0x8fce0c8, request=0x88005d0, aListener=0x87b6fb8, aSrcContentType=@0x8fce0e4, aOutContentType=@0xbff92340) at nsURILoader.cpp:547 #9 0x425b78f5 in nsDocumentOpenInfo::DispatchContent(nsIRequest*, nsISupports*) (this=0x8fce0c8, request=0x88005d0, aCtxt=0x0) at nsURILoader.cpp:469 #10 0x425b6c31 in nsDocumentOpenInfo::OnStartRequest(nsIRequest*, nsISupports*) (this=0x8fce0c8, request=0x88005d0, aCtxt=0x0) at nsURILoader.cpp:272 in nsDocumentOpenInfo::ConvertData, aSrcContentType is "message/rfc822" and aOutContentType is "*/*". I will try that patch later.
btw, there's no attached message.
Attached file here's a message
If you have "view attachments inline" set, then it will show up fine and there will be 2 attachments in the attachment box. If you open the second attachment, there is no problem, but if you open the first attachment, it will crash.
I open the second attachment first, then the first one. The log gets very repetitive after that. :-)
Based on that log, it looks like the converter never changes the type on the channel, so the data coming out of the converter still claims to message/rfc822, so we end up stuffing it through the same converter again.... I suppose I could impose a max nesting depth of eg 10 or so; if more than that many nsDocumentOpenInfos are chained and we have no listener, we just skip directly to the helper app service instead of messing around with stream converters... But that wouldn't help with the whole "want to view the attachment" issue in this bug.
So what is the difference between the 2 attachments? Why does having the mime-type with uppercase characters make a difference? If I change the mime-type to be all lowercase, there is no problem.
From the point of view of the URILoader, they look identical... But the mailnews converter is hosed. The URL on the channel is: imap://samuel@gw:143/fetch%3EUID%3E.INBOX%3E72350?part=1.2&type=Message/RFC822&filename=This%20one%20will%20crash%20mozilla..eml Note the "&type=Message/RFC822". Now we fall into the code at http://lxr.mozilla.org/seamonkey/source/mailnews/mime/src/nsStreamConverter.cpp#486 Those comparisons need to be case-insensitive, I bet.
Attached patch proposed fixSplinter Review
fix checked in, r/sr=mscott, over aim.
Status: NEW → RESOLVED
Closed: 22 years ago
Resolution: --- → FIXED
With that patch, it doesn't crash, but it also doesn't show the message. The window comes up, but there's no text in it.
Product: MailNews → Core
Product: Core → MailNews Core
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: