Closed
Bug 245233
Opened 21 years ago
Closed 21 years ago
MailNews crashes [@ MimeMessage_parse_eof] when quickly viewing messages
Categories
(MailNews Core :: MIME, defect)
Tracking
(Not tracked)
VERIFIED
FIXED
People
(Reporter: mcsmurf, Assigned: sspitzer)
References
Details
(Keywords: crash, regression)
Crash Data
With a current cvs trunk build Mozilla MailNews crashes when quickly viewing
messages/mails. To reproduce try this:
1st method: Move many mails to your trash folder and try to delete them by
holding the DEL key (MailNews views every message for a very short time).
Mozilla crashes after some mails here.
2nd method: Go to a newsgroup with many unread messages (here the messages were
all text only) and hold the Space key (MailNews views every message for a very
short time). After some posting it crashes.
Stacktrace for 1st method:
MimeMessage_parse_eof(MimeObject * 0x00000001, int 0x00000000) line 554 + 14 bytes
mime_display_stream_complete(_nsMIMESession * 0x062a49d0) line 928
nsStreamConverter::OnStopRequest(nsStreamConverter * const 0x04513920,
nsIRequest * 0x066ea93c, nsISupports * 0x0660b250, unsigned int 0x804b0002) line
1055 + 6 bytes
nsMsgProtocol::OnStopRequest(nsMsgProtocol * const 0x066ea938, nsIRequest *
0x066cf650, nsISupports * 0x0660b250, unsigned int 0x804b0002) line 362 + 15 bytes
nsMailboxProtocol::OnStopRequest(nsMailboxProtocol * const 0x00000000,
nsIRequest * 0x066cf650, nsISupports * 0x0660b250, unsigned int 0x804b0002) line 392
nsInputStreamPump::OnStateStop(nsInputStreamPump * const 0x00000000) line 506
nsInputStreamPump::OnInputStreamReady(nsInputStreamPump * const,
nsIAsyncInputStream *) line 341
Stacktrace for 2nd method:
MimeMessage_parse_eof(MimeObject * 0x00000001, int 0x00000000) line 554 + 14 bytes
mime_display_stream_complete(_nsMIMESession * 0x03405448) line 928
nsStreamConverter::OnStopRequest(nsStreamConverter * const 0x032d16d0,
nsIRequest * 0x03308250, nsISupports * 0x03c16e98, unsigned int 0x00000000) line
1055 + 6 bytes
nsDocumentOpenInfo::OnStopRequest(nsDocumentOpenInfo * const 0x032d16d0,
nsIRequest * 0x03308250, nsISupports * 0x03c16e98, unsigned int 0x00000000) line 360
nsStreamListenerTee::OnStopRequest(nsStreamListenerTee * const 0x03be4dd0,
nsIRequest * 0x03308250, nsISupports * 0x03c16e98, unsigned int 0x00000000) line
65 + 21 bytes
nsNNTPProtocol::CleanupAfterRunningUrl(nsNNTPProtocol * const 0x00000000) line 5361
nsNNTPProtocol::CloseSocket(nsNNTPProtocol * const 0x00000000) line 5405
nsNNTPProtocol::CloseConnection(nsNNTPProtocol * const 0x025775f6) line 5321
nsNNTPProtocol::ProcessProtocolState(nsNNTPProtocol * const 0x00000000, nsIURI *
0x01b346ae, nsIInputStream * 0x03c16e9c, unsigned int 0x03139aa8, unsigned int
0x00000000) line 5284 + 9 bytes
nsMsgProtocol::OnDataAvailable(nsMsgProtocol * const, nsIRequest *, nsISupports
*, nsIInputStream *, unsigned int, unsigned int) line 325 + 20 bytes
|
Reporter | |
Comment 1•21 years ago
|
||
(In reply to comment #0)
> 2nd method: Go to a newsgroup with many unread messages (here the messages were
> all text only) and hold the Space key (MailNews views every message for a very
> short time). After some posting it crashes.
I mean "After some postings/time it crashes." here.
|
|
Reporter | |
Comment 2•21 years ago
|
||
This regressed between 20040506 and 20040601, but i think the date where this
regressed is more towards 20040601 (can't test when this regressed, no bandwidth
to download builds).
|
||
Comment 3•21 years ago
|
||
I saw this too, when I entered a newsgroup and immediately pressed the spacebar.
Build 2004-05-31-08 on Windows XP.
|
|
||
Updated•21 years ago
|
Keywords: crash
Summary: MailNews crashes when quickly viewing messages → MailNews crashes [@ MimeMessage_parse_eof] when quickly viewing messages
|
||
Comment 4•21 years ago
|
||
Hmm, this is probably my fault. :-( I wonder if
- if(outer_p && ! msg->hdrs->done_p) {
+ if(outer_p && msg->hdrs && ! msg->hdrs->done_p) {
fixes the problem?
|
|
||
Comment 5•21 years ago
|
||
On the other hand, the traces both end with:
MimeMessage_parse_eof(MimeObject * 0x00000001, int 0x00000000)
Since the function is
static int MimeMessage_parse_eof (MimeObject *obj, PRBool abort_p)
does this mean that the function was called with a MimeObject pointer of
0x00000001 ???
|
|
Reporter | |
Comment 6•21 years ago
|
||
(In reply to comment #5)
> does this mean that the function was called with a MimeObject pointer of
> 0x00000001 ???
My debugger says so, yes.
|
||
Comment 7•21 years ago
|
||
I backed out the patch that introduced this crash. Hopefully Lorenzo and Frank
can figure out a fix :)
Status: NEW → RESOLVED
Closed: 21 years ago
Resolution: --- → FIXED
|
|
||
Comment 8•21 years ago
|
||
I can't reproduce this.
I tried both using a trunk CVS build of Thunderbird with attachment 149627 [details] [diff] [review]
applied and a nightly build of mozilla (2004060105) which should have the
offending checkin. This is using Linux.
This is what I did:
1. Start mozilla
2. Copy a few hundred messages from an IMAP inbox into a the Trash folder in
local folders.
3. Select Trash folder
4. Keep the DEL key pressed until all messages deleted
Result: the messages were deleted as expected with no crash.
|
|
||
Comment 9•21 years ago
|
||
Ah, got it (I think):
Program received signal SIGSEGV, Segmentation fault.
0x41af46e2 in MimeMessage_parse_eof (obj=0x8f3f158, abort_p=0) at mimemsg.cpp:554
554 if(outer_p && ! msg->hdrs->done_p) {
Current language: auto; currently c++
(gdb) bt
#0 0x41af46e2 in MimeMessage_parse_eof (obj=0x8f3f158, abort_p=0) at
mimemsg.cpp:554
#1 0x41b01529 in mime_display_stream_complete (stream=0x8351318) at
mimemoz2.cpp:964
#2 0x41b0ec57 in nsStreamConverter::OnStopRequest (this=0x950d690,
request=0x9519e98, ctxt=0x0,
status=2152398850) at nsStreamConverter.cpp:1014
#3 0x40d45e02 in nsDocumentOpenInfo::OnStopRequest ()
from [...]/mozilla/dist/bin/components/libdocshell.so
#4 0x409bad8e in nsStreamListenerTee::OnStopRequest ()
from [...]/mozilla/dist/bin/components/libnecko.so
[...]
(gdb) p msg->hdrs
$1 = (MimeHeaders *) 0x0
|
|
||
Comment 10•21 years ago
|
||
So I think what is happening here is that the stream is closed because before
the headers have been parsed, probably because the front end is already trying
to display the next message since this one has been deleted.
A null check on msg->hdrs should fix the crash:
- if(outer_p && ! msg->hdrs->done_p) {
+ if(outer_p && msg->hdrs && ! msg->hdrs->done_p) {
Verified FIXED with build 2004-06-30-08 on Windows XP.
Status: RESOLVED → VERIFIED
|
||
Updated•21 years ago
|
Product: MailNews → Core
|
||
Updated•17 years ago
|
Product: Core → MailNews Core
|
|
||
Updated•14 years ago
|
Crash Signature: [@ MimeMessage_parse_eof]
You need to log in
before you can comment on or make changes to this bug.
Description
•