Closed Bug 319536 Opened 15 years ago Closed 15 years ago

crash if mail is forwarded or created and existing mail body is deleted using SHIFT+PGDWN, DEL keys


(Thunderbird :: Message Compose Window, defect)

Not set


(Not tracked)



(Reporter: ch.nolte, Assigned: mscott)


User-Agent:       Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8) Gecko/20051201 Fedora/ Firefox/1.5
Build Identifier: Mozilla Thunderbird version 1.5 (20051105) RC1

When creating a new mail or forwarding a mail sometimes I want to discard the text  of the existing mail body (e.g. signatures or text to be forwarded). I therefore use some key combinations to achieve this:

I do this by clicking into the mail body at the beginning of the text, then press SHIFT+PGDWN to select the whole text and then pressing DEL. Thunderbird then crashes every time reproducible. 

Reproducible: Always

Steps to Reproduce:
1. Start Thunderbird
2. Click button 'write' to create a new mail
3. Enter some E-Mail Address and Subject (using TAB or Mouse-Click to select the fields)
4. Use TAB to go to the first row and first column of the message body or use the Mouse to go there
5. Use CTRL+PGDWN to select the whole body-content (in my case I have a signature)
6. Use DEL

Actual Results:  
Thunderbird crashes with a SEGV.

Expected Results:  
The body content should be deleted.

When using CTRL+A or the mouse to select the whole content instead of SHIFT+PGDWN in the described procedure, thunderbird does not crash.

I have tried to debug thunderbird using ddd:

   thunderbird --debug

but this was not successful. After the Mail window opens the application recieves Realtime-Signals (33) and after continuing within ddd thunderbird crashes after 10 or 20 such signals. Perhaps this is related to this BUG.

Furthermore I have made a core-dump: The Backtrace looks like this:


#0  0x0021a402 in __kernel_vsyscall ()
No symbol table info available.
#1  0x0011c32e in raise () from /lib/
No symbol table info available.
#2  0x08059b7c in nsProfileLock::FatalSignalHandler (signo=11) at nsProfileLock.cpp:206
        unblock_sigs = {__val = {1024, 0 <repeats 31 times>}}
        oldact = Variable "oldact" is not available.
(gdb) backtrace
#0  0x0021a402 in __kernel_vsyscall ()
#1  0x0011c32e in raise () from /lib/
#2  0x08059b7c in nsProfileLock::FatalSignalHandler (signo=11) at nsProfileLock.cpp:206
#3  <signal handler called>
#4  0x05d300de in nsTextServicesDocument::DeleteNode (this=0x9544958, aChild=0x94d8c90)
    at nsTextServicesDocument.cpp:2532
#5  0x05d34ba5 in nsTSDNotifier::DidDeleteNode (this=0x952ae08, aChild=0x94d8c90, aResult=0)
    at nsTSDNotifier.cpp:118
#6  0x05d4d9f9 in nsEditor::DeleteNode (this=0x93c6c40, aElement=0x94d8c90) at nsEditor.cpp:1538
#7  0x05cdf6a3 in nsHTMLEditor::DeleteNode (this=0x93c6c40, aNode=0x94d8c90) at nsHTMLEditor.cpp:3888
#8  0x05d3dabb in nsTextEditRules::DidDeleteSelection (this=0x94d999c, aSelection=0x94c1ee8,
    aCollapsedAction=1, aResult=0) at nsTextEditRules.cpp:998
#9  0x05cfc478 in nsHTMLEditRules::DidDeleteSelection (this=0x94d9998, aSelection=0x94c1ee8, aDir=1,
    aResult=0) at nsHTMLEditRules.cpp:2858
#10 0x05d1278a in nsHTMLEditRules::DidDoAction (this=0x94d9998, aSelection=0x94c1ee8, aInfo=0xbfd4f52c,
    aResult=0) at nsHTMLEditRules.cpp:641
#11 0x05d3b4c7 in nsPlaintextEditor::DeleteSelection (this=0x93c6c40, aAction=1) at nsPlaintextEditor.cpp:754
#12 0x05d41c7d in nsTextEditorKeyListener::KeyPress (this=0x94e6468, aKeyEvent=0x943b2e8)
    at nsEditorEventListeners.cpp:216
#13 0x018e264e in nsEventListenerManager::HandleEvent (this=0x93c68b8, aPresContext=0x9300f80,
    aEvent=0xbfd4fb34, aDOMEvent=0xbfd4f7bc, aCurrentTarget=0x930cae0, aFlags=514, aEventStatus=0xbfd4f9a8)
    at nsEventListenerManager.cpp:141
#14 0x018a43a6 in nsDocument::HandleDOMEvent (this=0x930ca30, aPresContext=0x9300f80, aEvent=0xbfd4fb34,
    aDOMEvent=0xbfd4f7bc, aFlags=514, aEventStatus=0xbfd4f9a8) at nsDocument.cpp:4002
#15 0x018baa4d in nsGenericElement::HandleDOMEvent (this=0x9302030, aPresContext=0x9300f80,
    aEvent=0xbfd4fb34, aDOMEvent=0xbfd4f7bc, aFlags=519, aEventStatus=0xbfd4f9a8)
    at nsGenericElement.cpp:2206
#16 0x01754e17 in PresShell::HandleEventInternal (this=0x9492d88, aEvent=0xbfd4fb34, aView=0x9301140,
    aFlags=513, aStatus=0xbfd4f9a8) at nsPresShell.cpp:6420
---Type <return> to continue, or q <return> to quit---
#17 0x0175afa3 in PresShell::HandleEvent (this=0x9492d88, aView=0x9301140, aEvent=0xbfd4fb34,
    aEventStatus=0xbfd4f9a8, aForceHandle=1, aHandled=@0xbfd4f9a4) at nsPresShell.cpp:6203
#18 0x019ac5ff in nsViewManager::HandleEvent (this=0x949d6f8, aView=0x9301140, aEvent=0xbfd4fb34,
    aCaptured=0) at nsViewManager.cpp:2512
#19 0x019af508 in nsViewManager::DispatchEvent (this=0x949d6f8, aEvent=0xbfd4fb34, aStatus=0xbfd4fab4)
    at nsViewManager.cpp:2246
#20 0x019a5f2a in HandleEvent (aEvent=0xbfd4fb34) at nsView.cpp:171
#21 0x05fa1eac in nsCommonWidget::DispatchEvent (this=0x9301560, aEvent=0xbfd4fb34, aStatus=@0xbfd4fb84)
    at nsCommonWidget.cpp:219
#22 0x05f9b0bd in nsWindow::OnKeyPressEvent (this=0x9301560, aWidget=0x8b0fa00, aEvent=0x8613210)
    at nsWindow.cpp:1779
#23 0x05f9b11d in key_press_event_cb (widget=0x8b0fa00, event=0x8613210) at nsWindow.cpp:3861
#24 0x004c301c in gtk_marshal_VOID__UINT_STRING () from /usr/lib/
#25 0x001d7b38 in g_closure_invoke () from /usr/lib/
#26 0x001e6173 in g_signal_stop_emission () from /usr/lib/
#27 0x001e7523 in g_signal_emit_valist () from /usr/lib/
#28 0x001e7b23 in g_signal_emit () from /usr/lib/
#29 0x005a519f in gtk_widget_activate () from /usr/lib/
#30 0x005b4811 in gtk_window_propagate_key_event () from /usr/lib/
#31 0x005b8b25 in gtk_window_activate_key () from /usr/lib/
#32 0x004c301c in gtk_marshal_VOID__UINT_STRING () from /usr/lib/
#33 0x001d7505 in g_cclosure_new_swap () from /usr/lib/
#34 0x001d7b38 in g_closure_invoke () from /usr/lib/
#35 0x001e62ff in g_signal_stop_emission () from /usr/lib/
#36 0x001e7523 in g_signal_emit_valist () from /usr/lib/
#37 0x001e7b23 in g_signal_emit () from /usr/lib/
#38 0x005a519f in gtk_widget_activate () from /usr/lib/
#39 0x004c1869 in gtk_propagate_event () from /usr/lib/
#40 0x004c1b90 in gtk_main_do_event () from /usr/lib/


If you need the core-dump file I can attach it to this BUG.
Version: unspecified → 1.5
This should be fixed in newer builds.

*** This bug has been marked as a duplicate of 304720 ***
Closed: 15 years ago
Resolution: --- → DUPLICATE
You need to log in before you can comment on or make changes to this bug.