Closed Bug 269020 Opened 21 years ago Closed 21 years ago

Assertion in mimemult.cpp:MimeMultipart_close_child (cont->nchildren > 0) right after POP3 collection

Categories

(MailNews Core :: MIME, defect)

Product:
MailNews Core
Component:
MIME
Platform:
x86
Linux
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

(Not tracked)

Status:
RESOLVED WORKSFORME

People

(Reporter: mozilla-bugs, Assigned: sspitzer)

Details

User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-GB; rv:1.8a4) Gecko/20041105 Build Identifier: Mozilla/5.0 (X11; U; Linux i686; en-GB; rv:1.8a4) Gecko/20041105 After retrieving all mail email via POP3, Mozilla crashed. I had it running under gdb at the time so have a stack trace. Looking at the SPAM email I can note two possible causes: 1) This is a MIME email and so the usual MIME text line exists, but there is an extra line trying to look like a header, but because of the blank line above it is in the body. 2) The text/plain part of the MIME is empty. It contains headers, but no blank line and no body. Given the contents of the buffer in stack frame 9 & 10, it was at this point I believe the assertion to have occured. I have not tried to reproduce it, Mozilla boots back up again and can handle the message fine that is stored in the local folders. Maybe my filters or junk filter processing after receiving the email had a particular problem with this message ? [___TAKEN_FROM_MOZILLA_LOCAL_FOLDER___] From - Thu Nov 11 00:05:18 2004 X-Account-Key: account1 X-UIDL: <200410031490.i93SvdTw001081@www8.pochta.ru> X-Mozilla-Status: 0000 X-Mozilla-Status2: 00000000 Received: from [61.175.192.29] ([61.175.192.29]:3600 "HELO TLDS_ZXH" TLS-CIPHER: <none> TLS-PEER-CN1: <none>) by relay-1.netbauds.net with SMTP id S7656426AbUKJVr6 (ORCPT <rfc822;darryl@netbauds.net>); Wed, 10 Nov 2004 21:47:58 +0000 Received: From [81.211.64.27](HELO = www7.POCHTA.ru) Received: (from www@localhost) by www6.pochta.ru (8.13.1/8.13.1) id i93ErrTw009201; Thu, 11 Nov 2004 04:49:25 -0500 (MSD) (envelope-from jaladden@mail.bulgaria.com) Date: Thu, 11 Nov 2004 04:49:25 -0500 (MSD) Message-Id: <200410031490.i93SvdTw001081@www8.pochta.ru> From: "Canadian Rx 6" <jaladden@mail.bulgaria.com> To: darryl@netbauds.net Subject: No Charge Mime-Version: 1.0 Content-Type: multipart/related; boundary="----------A85392133248411" Return-Path: <jaladden@mail.bulgaria.com> X-message-flag: Authentic Sender, Hash: FIOJVSEG This is a multi-part message in MIME format. ------------A85392133248411 Content-Type: multipart/alternative; boundary="----------A75587213057526" ------------A75587213057526 Content-Type: text/plain; Charset = "us-ascii" Content-Transfer-Encoding: 7bit ------------A75587213057526 Content-Type: text/html; charset=us-ascii Content-Transfer-Encoding: 7bit <html> <head> <title>borrow</title> </head> <body> <p>&nbsp;</p> <p> [.....SNIP...] </html> ------------A75587213057526-- ------------A85392133248411 Content-Type: image/gif; name="cialis2.GIF" Content-Transfer-Encoding: base64 Content-ID: <TEHLGFIC.RELRPHSD.PEQWBJGD.NFUEKLQE_csseditor> R0lGODlhWgB4APcAAKGalPy8FKPCwrGsqeTj4/3bZreTWODr69zn6/b29+OiFdaVF+Z0 KPzLPNTg4MeDT5mUjZOursnW1pOVlK+po/y6DtSVG+vx8cqTKvy4Afr4+KqUcPzNQf/+ /vzbbKeLfvzeefvgtLi3tP3VVLPIyPnx84aoqIirq8nHxbiwpqjBwfHq3d+eFP3Zi/zF [......SNIP.....] eZIWKZIi95L3GJMl4ZM1qY8sOZQ0aZJGCUQeuZNPSZBNiZM/WZU5yZNJWZRZaZNaCZRY WX0eCZZjWY9AqIJquZZBiZZu+ZZwGZdyOZd0WZd2eZd4mZdiExAAOB== ------------A85392133248411-- [END_OF_MESSAGE] Incorporate message complete. Incorporate message begin: uidl string: <00d001c4c781$79e73280$0201a8c0@TheWhites> Incorporate message complete. End mail message delivery. WARNING: nsMsgProtocol::SetContentCharset() not implemented, file nsMsgProtocol. cpp, line 594 WARNING: nsMsgProtocol::SetContentCharset() not implemented, file nsMsgProtocol. cpp, line 594 WARNING: nsMsgProtocol::SetContentCharset() not implemented, file nsMsgProtocol. cpp, line 594 Assertion failure: cont->nchildren > 0, at mimemult.cpp:493 Program received signal SIGABRT, Aborted. [Switching to Thread 16384 (LWP 2827)] 0x4052ddf1 in kill () from /lib/libc.so.6 (gdb) where #0 0x4052ddf1 in kill () from /lib/libc.so.6 #1 0x40140f4a in pthread_kill () from /lib/libpthread.so.0 #2 0x40141285 in raise () from /lib/libpthread.so.0 #3 0x4052dbca in raise () from /lib/libc.so.6 #4 0x4052ede5 in abort () from /lib/libc.so.6 #5 0x400e82b9 in PR_Assert (s=0x42c7ea9f "cont->nchildren > 0", file=0x42c7e90e "mimemult.cpp", ln=493) at prlog.c:538 #6 0x42c4de2b in MimeMultipart_close_child (object=0x45e75920) at mimemult.cpp:493 #7 0x42c4d4dc in MimeMultipart_parse_line ( line=0x459d6068 '-' <repeats 12 times>, "A75587213057526\n", length=28, obj=0x45e75920) at mimemult.cpp:177 #8 0x42c58649 in convert_and_send_buffer ( buf=0x459d6068 '-' <repeats 12 times>, "A75587213057526\n", length=28, convert_newlines_p=1, per_line_fn=0x42c4d39c <MimeMultipart_parse_line>, closure=0x45e75920) at mimebuf.cpp:185 #9 0x42c58882 in mime_LineBuffer ( net_buffer=0x454a774b '-' <repeats 12 times>, "A75587213057526\nContent-Type : text/html; charset=us-ascii\nContent-Transfer-Encoding: 7bit\n\n\n<html>\n\n<h ead>\n\n<title>borrow</title>\n</head>\n\n<body>\n\n<p>&nbsp;</p>\n<p>\n&nbsp;& bsp;&nbsp;&nbsp"..., net_buffer_size=726, bufferP=0x45e75948, buffer_sizeP=0x45e75950, buffer_fpP=0x45e75958, convert_newlines_p=1, per_line_fn=0x42c4d39c <MimeMultipart_parse_line>, closure=0x45e75920) at mimebuf.cpp:271 #10 0x42c4ec87 in MimeObject_parse_buffer ( buffer=0x454a76d8 '-' <repeats 12 times>, "A75587213057526\nContent-Type: te xt/plain;\n Charset = \"us-ascii\"\nContent-Transfer-Encoding: 7bit\n", ' -' <repeats 12 times>, "A75587213057526\nContent-Type: text/html; charset=us-asc ii\nContent-Transfe"..., size=841, obj=0x45e75920) at mimeobj.cpp:263 #11 0x42c496a7 in MimeMultipartRelated_parse_eof (obj=0x44909178, abort_p=0) at mimemrel.cpp:1065 #12 0x42c3b4ba in MimeContainer_parse_eof (object=0x44927268, abort_p=0) at mimecont.cpp:141 #13 0x42c4b100 in MimeMessage_parse_eof (obj=0x44927268, abort_p=0) at mimemsg.cpp:550 #14 0x42c5ab7e in mime_display_stream_complete (stream=0x4346cc60) at mimemoz2.cpp:964 #15 0x42c6b5a5 in nsStreamConverter::OnStopRequest(nsIRequest*, nsISupports*, un signed) (this=0x434e97f8, request=0x45eccc74, ctxt=0x449a84e0, status=0) ---Type <return> to continue, or q <return> to quit--- at nsStreamConverter.cpp:1014 #16 0x4239c287 in nsMsgProtocol::OnStopRequest(nsIRequest*, nsISupports*, unsigned) (this=0x45eccc70, request=0x45930118, ctxt=0x449a84e0, aStatus=0) at nsMsgProtocol.cpp:362 #17 0x43054bc0 in nsMailboxProtocol::OnStopRequest(nsIRequest*, nsISupports*, unsigned) (this=0x45eccc70, request=0x45930118, ctxt=0x449a84e0, aStatus=0) at nsMailboxProtocol.cpp:391 #18 0x40d86138 in nsInputStreamPump::OnStateStop() (this=0x45930118) at nsInputStreamPump.cpp:504 #19 0x40d85a17 in nsInputStreamPump::OnInputStreamReady(nsIAsyncInputStream*) ( this=0x45930118, stream=0x45da384c) at nsInputStreamPump.cpp:341 #20 0x40a88d11 in nsInputStreamReadyEvent::EventHandler(PLEvent*) ( plevent=0x44057e2c) at nsStreamUtils.cpp:118 #21 0x40aae148 in PL_HandleEvent (self=0x44057e2c) at plevent.c:692 #22 0x40aadfe9 in PL_ProcessPendingEvents (self=0x8175350) at plevent.c:627 #23 0x40ab13a8 in nsEventQueueImpl::ProcessPendingEvents() (this=0x8175318) at nsEventQueue.cpp:391 #24 0x419ee8b8 in event_processor_callback (data=0x8175318, source=6, condition=GDK_INPUT_READ) at nsAppShell.cpp:189 #25 0x419ee221 in our_gdk_io_invoke (source=0x8267710, condition=G_IO_IN, data=0x8267a88) at nsAppShell.cpp:74 #26 0x4031f0a6 in g_io_add_watch () from /usr/lib/libglib-1.2.so.0 #27 0x403209ae in g_get_current_time () from /usr/lib/libglib-1.2.so.0 #28 0x40320e89 in g_get_current_time () from /usr/lib/libglib-1.2.so.0 #29 0x40321124 in g_main_run () from /usr/lib/libglib-1.2.so.0 #30 0x4022c27f in gtk_main () from /usr/lib/libgtk-1.2.so.0 #31 0x419eed20 in nsAppShell::Run() (this=0x81af450) at nsAppShell.cpp:320 #32 0x419a2ef9 in nsAppShellService::Run() (this=0x81af1c8) at nsAppShellService.cpp:488 #33 0x08064719 in main1 (argc=1, argv=0xbffff794, nativeApp=0x8151d68) at nsAppRunner.cpp:1321 #34 0x0806554c in main (argc=1, argv=0xbffff794) at nsAppRunner.cpp:1799 #35 0x4051c5cd in __libc_start_main () from /lib/libc.so.6 (gdb) frame 5 #5 0x400e82b9 in PR_Assert (s=0x42c7ea9f "cont->nchildren > 0", file=0x42c7e90e "mimemult.cpp", ln=493) at prlog.c:538 538 abort(); (gdb) up #6 0x42c4de2b in MimeMultipart_close_child (object=0x45e75920) at mimemult.cpp:493 493 PR_ASSERT(cont->nchildren > 0); (gdb) p *cont $1 = {object = {clazz = 0x42c845e0, headers = 0x45411908, content_type = 0x445eab28 "multipart/alternative", encoding = 0x0, parent = 0x44909178, options = 0x445df198, closed_p = 0, parsed_p = 0, output_p = 1, dontShowAsAttachment = 1, ibuffer = 0x459d6068 '-' <repeats 12 times>, "A75587213057526\n", obuffer = 0x0, ibuffer_size = 1024, obuffer_size = 0, ibuffer_fp = 28, obuffer_fp = 0}, children = 0x0, nchildren = 0} (gdb) up #7 0x42c4d4dc in MimeMultipart_parse_line ( line=0x459d6068 '-' <repeats 12 times>, "A75587213057526\n", length=28, obj=0x45e75920) at mimemult.cpp:177 177 status = ((MimeMultipartClass *)obj->clazz)->close_child(obj); (gdb) p obj $2 = (MimeObject *) 0x45e75920 (gdb) p obj.clazz $3 = (MimeObjectClass *) 0x42c845e0 (gdb) p *obj $4 = {clazz = 0x42c845e0, headers = 0x45411908, content_type = 0x445eab28 "multipart/alternative", encoding = 0x0, parent = 0x44909178, options = 0x445df198, closed_p = 0, parsed_p = 0, output_p = 1, dontShowAsAttachment = 1, ibuffer = 0x459d6068 '-' <repeats 12 times>, "A75587213057526\n", obuffer = 0x0, ibuffer_size = 1024, obuffer_size = 0, ibuffer_fp = 28, obuffer_fp = 0} (gdb) p *obj.clazz $5 = {class_name = 0x42c7df82 "MimeMultipartMixed", instance_size = 84, superclass = 0x42c84860, class_initialize = 0x42c475bc <MimeMultipartMixedClassInitialize>, class_initialized = 1, initialize = 0x42c4d23a <MimeMultipart_initialize>, finalize = 0x42c4d30c <MimeMultipart_finalize>, parse_begin = 0x42c4e920 <MimeObject_parse_begin>, parse_buffer = 0x42c4ec0a <MimeObject_parse_buffer>, parse_line = 0x42c4d39c <MimeMultipart_parse_line>, parse_eof = 0x42c4e218 <MimeMultipart_parse_eof>, parse_end = 0x42c3b4e4 <MimeContainer_parse_end>, displayable_inline_p = 0x42c3b6b2 <MimeContainer_displayable_inline_p>, debug_print = 0x42c4e34a <MimeMultipart_debug_print>} (gdb) p mult $6 = (MimeMultipart *) 0x45e75920 (gdb) p *mult $7 = {container = {object = {clazz = 0x42c845e0, headers = 0x45411908, content_type = 0x445eab28 "multipart/alternative", encoding = 0x0, parent = 0x44909178, options = 0x445df198, closed_p = 0, parsed_p = 0, output_p = 1, dontShowAsAttachment = 1, ibuffer = 0x459d6068 '-' <repeats 12 times>, "A75587213057526\n", obuffer = 0x0, ibuffer_size = 1024, obuffer_size = 0, ibuffer_fp = 28, obuffer_fp = 0}, children = 0x0, nchildren = 0}, boundary = 0x44073ec8 "----------A75587213057526", hdrs = 0x0, state = MimeMultipartHeaders} (gdb) p boundary $8 = MimeMultipartBoundaryTypeSeparator (gdb) frame #7 0x42c4d4dc in MimeMultipart_parse_line ( line=0x459d6068 '-' <repeats 12 times>, "A75587213057526\n", length=28, obj=0x45e75920) at mimemult.cpp:177 177 status = ((MimeMultipartClass*)obj->clazz)->close_child Hope this helps... Reproducible: Didn't try Steps to Reproduce: 1. 2. 3.
PR_Assert crashes debug builds. I've already replaced that PR_Assert with an NS_ASSERTION, I believe...
I have another instance of the assertion open in the debugger right now, I'm just a mozilla user really, but a commercial unix developer, quite keen to stop all this crashing that annoys me so much in mozilla. This time I dont think I was downloading messages, as I have automatic / periodic download disabled in all accounts (but will check this). But it does say "End mail message delivery." something must have been happening in the background as I was composing a message at the time (and lost it), which is what so anoying whht mozilla crashing. Maybe this bug should be downgraded from critial then, as I can see that non- debug builds would make MimeMultipart_close_child() a no-op when nchildren==0. I have just checked the message content of the new instance of this crash and its the same outline. Both the X-message-flag: 1st line of body exist, and the EMPTY mime part text/plain. I have saved this example too, if wanted I can post / attach if it'll help. Is it possible to get mozilla or gdb to write a core file out and / or save its current debugging state completely, so I can come back to it if you want any more information ? Should MimeMultipart_close_child() be called when there is no child ? My build is 1.8a4 from CVS.
I believe it's a poorly constructed message. Are you on the tip of the trunk, or are you using the 1.8a4 cvs files? I thought I fixed this on the trunk after 1.8a4.
I'm at MOZILLA_1_8a4_RELEASE. It is a poorly constructed message, no blank line after MIME headers, no MIME body to the test/plain part. I have checked the cvs HEAD and your change is included. If this is not a bug, nor will it cause any harm if it were in a non-debugging build them please close this report. ------------A75587213057526 Content-Type: text/plain; Charset = "us-ascii" Content-Transfer-Encoding: 7bit ------------A75587213057526
ok, thx, closing wfm...
Status: UNCONFIRMED → RESOLVED
Closed: 21 years ago
Resolution: --- → WORKSFORME
Product: MailNews → Core
Product: Core → MailNews Core
You need to log in before you can comment on or make changes to this bug.