Closed Bug 245233 Opened 21 years ago Closed 21 years ago

MailNews crashes [@ MimeMessage_parse_eof] when quickly viewing messages

Categories

(MailNews Core :: MIME, defect)

x86
Windows 2000
defect
Not set
critical

Tracking

(Not tracked)

VERIFIED FIXED

People

(Reporter: mcsmurf, Assigned: sspitzer)

Details

(Keywords: crash, regression)

With a current cvs trunk build Mozilla MailNews crashes when quickly viewing messages/mails. To reproduce try this:

1st method: Move many mails to your trash folder and try to delete them by holding the DEL key (MailNews views every message for a very short time). Mozilla crashes after some mails here.

2nd method: Go to a newsgroup with many unread messages (here the messages were all text only) and hold the Space key (MailNews views every message for a very short time). After some posting it crashes.

Stacktrace for 1st method:

MimeMessage_parse_eof(MimeObject * 0x00000001, int 0x00000000) line 554 + 14 bytes
mime_display_stream_complete(_nsMIMESession * 0x062a49d0) line 928
nsStreamConverter::OnStopRequest(nsStreamConverter * const 0x04513920, nsIRequest * 0x066ea93c, nsISupports * 0x0660b250, unsigned int 0x804b0002) line 1055 + 6 bytes
nsMsgProtocol::OnStopRequest(nsMsgProtocol * const 0x066ea938, nsIRequest * 0x066cf650, nsISupports * 0x0660b250, unsigned int 0x804b0002) line 362 + 15 bytes
nsMailboxProtocol::OnStopRequest(nsMailboxProtocol * const 0x00000000, nsIRequest * 0x066cf650, nsISupports * 0x0660b250, unsigned int 0x804b0002) line 392
nsInputStreamPump::OnStateStop(nsInputStreamPump * const 0x00000000) line 506
nsInputStreamPump::OnInputStreamReady(nsInputStreamPump * const, nsIAsyncInputStream *) line 341

Stacktrace for 2nd method:

MimeMessage_parse_eof(MimeObject * 0x00000001, int 0x00000000) line 554 + 14 bytes
mime_display_stream_complete(_nsMIMESession * 0x03405448) line 928
nsStreamConverter::OnStopRequest(nsStreamConverter * const 0x032d16d0, nsIRequest * 0x03308250, nsISupports * 0x03c16e98, unsigned int 0x00000000) line 1055 + 6 bytes
nsDocumentOpenInfo::OnStopRequest(nsDocumentOpenInfo * const 0x032d16d0, nsIRequest * 0x03308250, nsISupports * 0x03c16e98, unsigned int 0x00000000) line 360
nsStreamListenerTee::OnStopRequest(nsStreamListenerTee * const 0x03be4dd0, nsIRequest * 0x03308250, nsISupports * 0x03c16e98, unsigned int 0x00000000) line 65 + 21 bytes
nsNNTPProtocol::CleanupAfterRunningUrl(nsNNTPProtocol * const 0x00000000) line 5361
nsNNTPProtocol::CloseSocket(nsNNTPProtocol * const 0x00000000) line 5405
nsNNTPProtocol::CloseConnection(nsNNTPProtocol * const 0x025775f6) line 5321
nsNNTPProtocol::ProcessProtocolState(nsNNTPProtocol * const 0x00000000, nsIURI * 0x01b346ae, nsIInputStream * 0x03c16e9c, unsigned int 0x03139aa8, unsigned int 0x00000000) line 5284 + 9 bytes
nsMsgProtocol::OnDataAvailable(nsMsgProtocol * const, nsIRequest *, nsISupports *, nsIInputStream *, unsigned int, unsigned int) line 325 + 20 bytes
(In reply to comment #0)
> 2nd method: Go to a newsgroup with many unread messages (here the messages were
> all text only) and hold the Space key (MailNews views every message for a very
> short time). After some posting it crashes.

I mean "After some postings/time it crashes." here.
This regressed between 20040506 and 20040601, but I think the date where this regressed is more towards 20040601 (can't test when this regressed, no bandwidth to download builds).
I saw this too, when I entered a newsgroup and immediately pressed the spacebar. Build 2004-05-31-08 on Windows XP.
Keywords: crash
Summary: MailNews crashes when quickly viewing messages → MailNews crashes [@ MimeMessage_parse_eof] when quickly viewing messages
Depends on: 244722
Hmm, this is probably my fault. :-( I wonder if - if(outer_p && ! msg->hdrs->done_p) { + if(outer_p && msg->hdrs && ! msg->hdrs->done_p) { fixes the problem?
On the other hand, the traces both end with:

MimeMessage_parse_eof(MimeObject * 0x00000001, int 0x00000000)

Since the function is

static int MimeMessage_parse_eof (MimeObject *obj, PRBool abort_p)

does this mean that the function was called with a MimeObject pointer of 0x00000001 ???
(In reply to comment #5)
> does this mean that the function was called with a MimeObject pointer of
> 0x00000001 ???

My debugger says so, yes.
I backed out the patch that introduced this crash. Hopefully Lorenzo and Frank can figure out a fix :)
Status: NEW → RESOLVED
Closed: 21 years ago
Resolution: --- → FIXED
I can't reproduce this. I tried both using a trunk CVS build of Thunderbird with attachment 149627 applied and a nightly build of mozilla (2004060105) which should have the offending checkin. This is using Linux. This is what I did:

1. Start mozilla
2. Copy a few hundred messages from an IMAP inbox into the Trash folder in local folders.
3. Select Trash folder
4. Keep the DEL key pressed until all messages deleted

Result: the messages were deleted as expected with no crash.
Ah, got it (I think):

Program received signal SIGSEGV, Segmentation fault.
0x41af46e2 in MimeMessage_parse_eof (obj=0x8f3f158, abort_p=0) at mimemsg.cpp:554
554 if(outer_p && ! msg->hdrs->done_p) {
Current language: auto; currently c++
(gdb) bt
#0 0x41af46e2 in MimeMessage_parse_eof (obj=0x8f3f158, abort_p=0) at mimemsg.cpp:554
#1 0x41b01529 in mime_display_stream_complete (stream=0x8351318) at mimemoz2.cpp:964
#2 0x41b0ec57 in nsStreamConverter::OnStopRequest (this=0x950d690, request=0x9519e98, ctxt=0x0, status=2152398850) at nsStreamConverter.cpp:1014
#3 0x40d45e02 in nsDocumentOpenInfo::OnStopRequest () from [...]/mozilla/dist/bin/components/libdocshell.so
#4 0x409bad8e in nsStreamListenerTee::OnStopRequest () from [...]/mozilla/dist/bin/components/libnecko.so
[...]
(gdb) p msg->hdrs
$1 = (MimeHeaders *) 0x0
So I think what is happening here is that the stream is closed before the headers have been parsed, probably because the front end is already trying to display the next message since this one has been deleted. A null check on msg->hdrs should fix the crash: - if(outer_p && ! msg->hdrs->done_p) { + if(outer_p && msg->hdrs && ! msg->hdrs->done_p) {
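Review bot: the added `msg->hdrs &&` term guards only the dereference in this one condition (mimemsg.cpp:554 in the backtrace); the rest of MimeMessage_parse_eof is not shown here, so check that no later statement reads msg->hdrs when the stream was closed before any header was parsed, or return early on a null hdrs instead. A one-line comment at the check saying that hdrs can be null on an early close would keep the guard from being removed as redundant later.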
Verified FIXED with build 2004-06-30-08 on Windows XP.
Status: RESOLVED → VERIFIED
Product: MailNews → Core
Product: Core → MailNews Core
Crash Signature: [@ MimeMessage_parse_eof]
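The early-close case diagnosed in the thread, as an added C example that is not Mozilla's code: `Headers`, `Message`, `msg_parse_line`, `msg_parse_eof` and `run_session` are hypothetical stand-ins, and it assumes the header object is created only when the first line arrives. It runs the guarded EOF check against a stream closed with no data, one closed mid-headers, and one with complete headers.

```c
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical stand-ins for the thread's MimeHeaders / MimeMessage. */
typedef struct { int done_p; } Headers;
typedef struct { Headers *hdrs; } Message;
enum eof_result { EOF_NO_HEADERS, EOF_FLUSHED_PARTIAL, EOF_NOTHING_TO_FLUSH };

/* Assumption: the header object is created only when the first line arrives. */
static int msg_parse_line(Message *m, const char *line) {
    if (!m->hdrs && !(m->hdrs = calloc(1, sizeof *m->hdrs)))
        return -1;
    if (line[0] == '\0')            /* blank line terminates the header block */
        m->hdrs->done_p = 1;
    return 0;
}

/* EOF handler with the guard from the thread. The pre-fix condition,
 *   if (outer_p && !m->hdrs->done_p)
 * reads through a null pointer when no line was ever delivered. */
static enum eof_result msg_parse_eof(Message *m, int outer_p) {
    if (outer_p && m->hdrs && !m->hdrs->done_p) {
        m->hdrs->done_p = 1;        /* close the unterminated header block */
        return EOF_FLUSHED_PARTIAL;
    }
    return m->hdrs ? EOF_NOTHING_TO_FLUSH : EOF_NO_HEADERS;
}

/* Feed n lines, then signal EOF, as a stream close would. */
static enum eof_result run_session(const char **lines, int n, int outer_p) {
    Message m = { NULL };
    enum eof_result r;
    for (int i = 0; i < n; i++)
        if (msg_parse_line(&m, lines[i]) < 0) break;
    r = msg_parse_eof(&m, outer_p);
    free(m.hdrs);
    return r;
}

int main(void) {
    /* Constructed sample input, not taken from the bug report. */
    const char *partial[]  = { "Subject: test" };
    const char *complete[] = { "Subject: test", "", "body" };
    printf("early close: %d\n", run_session(NULL, 0, 1));
    printf("mid-headers: %d\n", run_session(partial, 1, 1));
    printf("complete:    %d\n", run_session(complete, 3, 1));
    return 0;
}
```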