Closed Bug 264133 Opened 20 years ago Closed 16 years ago

suite only mail crash [@ 0x00000000 - nsMsgSearchScopeTerm::TimeSlice ] [@ nsMsgSearchScopeTerm::TimeSlice() ]

Categories

(SeaMonkey :: MailNews: Message Display, defect)

Product:
SeaMonkey
Component:
MailNews: Message Display
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

(Not tracked)

Status:
RESOLVED WORKSFORME

People

(Reporter: aha, Unassigned)

Details

(Keywords: crash)

Crash Data

I met crash with 2004101006/trunk/W2K while switching filter views on folder,
maybe messages were downloading in background. I can't easily reproduce.

TB1263962G:
0x00000000
nsMsgSearchScopeTerm::TimeSlice 
[c:/builds/tinderbox/MozillaTrunk/WINNT_5.0_Clobber/mozilla/mailnews/base/search/src/nsMsgSearchTerm.cpp,
line 1500]
nsMsgSearchSession::TimeSliceSerial 
[c:/builds/tinderbox/MozillaTrunk/WINNT_5.0_Clobber/mozilla/mailnews/base/search/src/nsMsgSearchSession.cpp,
line 688]
nsMsgSearchSession::TimerCallback 
[c:/builds/tinderbox/MozillaTrunk/WINNT_5.0_Clobber/mozilla/mailnews/base/search/src/nsMsgSearchSession.cpp,
line 518]

There are some other crashes with this signature:
http://talkback-public.mozilla.org/talkback/fastfind.jsp?search=1&searchby=stacksig&match=contains&searchfor=nsMsgSearchScopeTerm%3A%3ATimeSlice&vendor=All&product=All&platform=All&buildid=&sdate=&stime=&edate=&etime=
null pointer, could use a null check.
1499   return m_adapter /* 0x0 */->Search(aDone);

 the code has unchecked allocs all over

 nsMsgSearchScopeTerm::InitializeAdapter should do something for
NS_SUCCEEDED(err) && !m_adapter to transition err to NS_ERROR_OUT_OF_MEMORY

1546   if (m_adapter)
1547     err = m_adapter->ValidateTerms ();
Product: Browser → Seamonkey
I can confirm this bug - I can fairly reliably reproduce it.  The steps I'm
doing are:
* Create a search folder called 'To Do' (filtering on things with label=todo)
* Go to inbox, select a message and label as Todo (no other messages I have are
'todo')
* Go to the search folder, you'll see that message now listed
* Label it as none
* Go back to the inbox, and then back to the search folder

The last step sometimes needs repeating.

There's an assertion fail (###!!! ASSERTION: nsTDependentSubstring must wrap a
non-NULL buffer: 'start && end', file
f:\mozilla\xpcom\string\src\nsTDependentSubstring.cpp, line 76) then a crash
with what looks like a freed or uninitialised nsMsgSearchSession - all its
members are 0xdddddddd, so when it does a call to GetRunningScope() it crashes
as m_idxRunningScope is 0xdddddddd.
Assignee: sspitzer → mail
Seems now only to affect 1.7 branch builds (Moz17/TB10), see Talkback link, 37
incidents. All platforms. For example same as comment 0 see TB8810867.
Confirming based on the incident reports.
Status: UNCONFIRMED → NEW
Ever confirmed: true
OS: Windows 2000 → All
Hardware: PC → All
Summary: crash [@ 0x00000000 - nsMsgSearchScopeTerm::TimeSlice ] → crash [@ 0x00000000 - nsMsgSearchScopeTerm::TimeSlice ] [@ nsMsgSearchScopeTerm::TimeSlice() ]
any similar code/crashes in tbird?
if it's only affecting 1.7.x, it most likely doesn't affect TB. I can try the steps, however. I think this was because of a ref-counting problem with the search session that has since been fixed.
Summary: crash [@ 0x00000000 - nsMsgSearchScopeTerm::TimeSlice ] [@ nsMsgSearchScopeTerm::TimeSlice() ] → suite only mail crash [@ 0x00000000 - nsMsgSearchScopeTerm::TimeSlice ] [@ nsMsgSearchScopeTerm::TimeSlice() ]
Component: MailNews: Search → MailNews: Message Display
QA Contact: search
=> WFM per comment 5.  Please reopen if you still see thie problem
Assignee: mail → nobody
Status: NEW → RESOLVED
Closed: 16 years ago
QA Contact: search → message-display
Resolution: --- → WORKSFORME
Crash Signature: [@ 0x00000000 - nsMsgSearchScopeTerm::TimeSlice ] [@ nsMsgSearchScopeTerm::TimeSlice() ]
You need to log in before you can comment on or make changes to this bug.