Crash after entering <smiley><space><space>




Spelling checker
12 years ago
11 years ago


(Reporter: John Ellson, Assigned: Scott MacGregor)


({crash, fixed1.8.1})

1.8 Branch

(1 attachment)



12 years ago
User-Agent:       Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv: Gecko/20060223 Fedora/ Firefox/
Build Identifier: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv: Gecko/20060223 Fedora/ Firefox/

I reported this in Fedora BZ #178274 but nobody seems interested in looking at it.

On x86_64, but not i386, entering a smiley from the smiley menu, then two space
characters crashes thunderbird.


Reproducible: Always

Steps to Reproduce:
2.File->New->Message on message body to move focus

Actual Results:  
cursor doesn't move for spaces

Expected Results:  
normal text entry after smileys

Comment 1

12 years ago
we certainly don't support their rpms. build from source (specify which branch you're using or trunk - for consistency, there's nothing wrong w/ using the thunderbird1.5 sourceball if you can find it) w/ --enable-debug --disable-optimize --disable-strip

(commands written for some random shell, if your shell is different, fix.)


export MOZ_NO_REMOTE=1
export NO_EM_RESTART=1
./ -g -d gdb ./thunderbird-bin
info locals
info threads
Version: unspecified → 1.5

Comment 2

12 years ago
I tried building from thunderbird-1.5-source.tar.bz2 but make dies with:

rm -f
gcc  -Wall -W -Wno-unused -Wpointer-arith -Wcast-align -Wno-long-long -pedantic -pthread -pipe  -DDEBUG -D_DEBUG -DDEBUG_ellson -DTRACING -g -fno-inline -fPIC -shared -Wl,-h -Wl, -o  jsapi.o jsarena.o jsarray.o jsatom.o jsbool.o jscntxt.o jsdate.o jsdbgapi.o jsdhash.o jsdtoa.o jsemit.o jsexn.o jsfun.o jsgc.o jshash.o jsinterp.o jslock.o jslog2.o jslong.o jsmath.o jsnum.o jsobj.o jsopcode.o jsparse.o jsprf.o jsregexp.o jsscan.o jsscope.o jsscript.o jsstr.o jsutil.o jsxdrapi.o jsxml.o prmjtime.o              -lm -ldl -L/usr/lib64 -lplds4 -lplc4 -lnspr4 -lpthread -ldl -ldl -lm
/usr/bin/ld: jsapi.o: relocation R_X86_64_PC32 against `memset@@GLIBC_2.2.5' can not be used when making a shared object; recompile with -fPIC
/usr/bin/ld: final link failed: Bad value
collect2: ld returned 1 exit status
gmake[3]: *** [] Error 1
gmake[3]: Leaving directory `/home/ellson/FIX/Linux.x86_64/build/mozilla/js/src'
gmake[2]: *** [libs] Error 2
gmake[2]: Leaving directory `/home/ellson/FIX/Linux.x86_64/build/mozilla/js'
gmake[1]: *** [tier_2] Error 2
gmake[1]: Leaving directory `/home/ellson/FIX/Linux.x86_64/build/mozilla'
make: *** [default] Error 2

Comment 3

12 years ago
to your mozconfig and rebuild the world

note that this indicates your build toolchain is broken, unfortunately, that's normal for x86_64.

Comment 4

12 years ago
Bug is reproducible with vanilla thunderbird-1.5-source.tar.bz2

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 47279260816176 (LWP 25034)]
0x00002b00142f1e00 in nsString::CharAt (this=0x7fffffa95d60, i=4294967295)
    at ../../../dist/include/string/nsTString.h:134
134               return mData[i];
(gdb) list
129              */
131           char_type CharAt( index_type i ) const
132             {
133               NS_ASSERTION(i <= mLength, "index exceeds allowable range");
134               return mData[i];
135             }
137           char_type operator[]( index_type i ) const
138             {
(gdb) where
#0  0x00002b00142f1e00 in nsString::CharAt (this=0x7fffffa95d60, i=4294967295)
    at ../../../dist/include/string/nsTString.h:134
#1  0x00002b00142f1e23 in nsString::operator[] (this=0x7fffffa95d60,
    i=4294967295) at ../../../dist/include/string/nsTString.h:139
#2  0x00002b00142ea9ee in mozInlineSpellChecker::EndOfAWord (this=0x1016820,
    aNode=0x1532138, aOffset=-1) at mozInlineSpellChecker.cpp:980
#3  0x00002b00142ed151 in mozInlineSpellChecker::AdjustSpellHighlighting (
    this=0x1016820, aNode=0x1532138, aOffset=-1,
    aSpellCheckSelection=0x1041f30, isDeletion=0)
    at mozInlineSpellChecker.cpp:848
#4  0x00002b00142ed822 in mozInlineSpellChecker::SpellCheckAfterEditorChange (
    this=0x1016820, action=1001, aSelection=0x1041aa0,
    previousSelectedNode=0x1532138, previousSelectedOffset=0,
    aStartNode=0x1532138, aStartOffset=0, aEndNode=0x1532138, aEndOffset=1)
    at mozInlineSpellChecker.cpp:261
#5  0x00002b0015b1d9bf in nsEditor::HandleInlineSpellCheck (this=0x103de30,
    action=1001, aSelection=0x1041aa0, previousSelectedNode=0x1532138,
    previousSelectedOffset=0, aStartNode=0x1532138, aStartOffset=0,
    aEndNode=0x1532138, aEndOffset=1) at nsEditor.cpp:5399
#6  0x00002b0015aceaba in nsHTMLEditRules::AfterEditInner (this=0xfce8c0,
    action=1001, aDirection=1) at nsHTMLEditRules.cpp:547
#7  0x00002b0015acec36 in nsHTMLEditRules::AfterEdit (this=0xfce8c0,
    action=1001, aDirection=1) at nsHTMLEditRules.cpp:391
---Type <return> to continue, or q <return> to quit---
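
The backtrace above shows `aOffset=-1` in `EndOfAWord` arriving in `CharAt` as `i=4294967295`, and the read on line 134 executing after the assertion on line 133. The following is an added example, not Mozilla code and not the patch attached to this bug: it reproduces that signed-to-unsigned conversion, computes the address such an index produces with 32-bit and 64-bit pointers, and shows a range check applied before indexing. `AsIndex`, `EffectiveAddress`, `SafeCharAt` and `IsSpaceAt` are hypothetical names, and the 2-byte element size and base address are assumptions.

```cpp
#include <cstdint>
#include <cstdio>
#include <string>

// Constructed stand-in for the unsigned index type seen in CharAt(index_type i).
using index_type = std::uint32_t;

// A signed offset passed where index_type is expected: -1 becomes 4294967295.
index_type AsIndex(std::int32_t aOffset) {
    return static_cast<index_type>(aOffset);
}

// Address of mData[i] for a given element size, as computed with pointers of
// ptrBits width. With 32-bit pointers the sum wraps modulo 2^32.
std::uint64_t EffectiveAddress(std::uint64_t mData, index_type i,
                               unsigned elemSize, unsigned ptrBits) {
    std::uint64_t sum = mData + static_cast<std::uint64_t>(i) * elemSize;
    return ptrBits == 32 ? (sum & 0xFFFFFFFFull) : sum;
}

// Hypothetical guarded accessor: validate the signed offset while it is still
// signed, so a negative value is rejected instead of becoming a huge index.
bool SafeCharAt(const std::u16string& text, std::int32_t aOffset, char16_t* out) {
    if (aOffset < 0 || static_cast<std::size_t>(aOffset) >= text.size())
        return false;
    *out = text[static_cast<std::size_t>(aOffset)];
    return true;
}

// Hypothetical word-boundary test built on the guarded accessor.
bool IsSpaceAt(const std::u16string& text, std::int32_t aOffset) {
    char16_t c;
    return SafeCharAt(text, aOffset, &c) && c == u' ';
}

int main() {
    const std::uint64_t base = 0x1000;  // constructed buffer address
    index_type i = AsIndex(-1);
    std::printf("index          : %u\n", i);
    std::printf("32-bit address : 0x%llx\n",
                (unsigned long long)EffectiveAddress(base, i, 2, 32));
    std::printf("64-bit address : 0x%llx\n",
                (unsigned long long)EffectiveAddress(base, i, 2, 64));
    std::printf("guarded read at -1 is space: %d\n", IsSpaceAt(u"a b", -1));
    return 0;
}
```

With 32-bit pointers the computed address lands two bytes before the buffer, while with 64-bit pointers it lands roughly 8 GB past it.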

Comment 5

12 years ago

Thank you very much. signed offsets and -1s, wonderful. unfortunately I don't understand this code and it doesn't include explanations of what it's thinking. so i'm assigning it to bienvenu to clean up.
Severity: normal → critical
Component: Message Compose Window → Spelling checker
Keywords: crash
Product: Thunderbird → Core
QA Contact: spelling-checker
Version: 1.5 → 1.8 Branch
Ever confirmed: true
Summary: crash after entering <smiley><space><space> → Crash after entering <smiley><space><space>

Comment 6

12 years ago
When I try this on windows, I get an offset of -1, but we bail out here:

  rv = GenerateRangeForSurroundingWord(currentNode, aOffset, getter_AddRefs(wordRange));

  // if we don't have a word range to examine, then bail out early.
  if (!wordRange)
    return NS_OK;

because wordRange is null. Thus, we don't get to the crashing code.

Comment 7

12 years ago
Created attachment 213357 [details] [diff] [review]
possible fix

I think this should fix it, but I don't know why we're not crashing on windows...can you try this patch out, John, if you're able to build?
Attachment #213357 - Flags: superreview?(mscott)

Comment 8

12 years ago
It doesn't crash with the patch, but the spaces still don't show up.

Instead of:  <smiley><space><space>words
I get:       <smiley>words

Comment 9

12 years ago
my recollection is that's not related to inline spell-checking...did you try turning it off?

Comment 10

12 years ago
Which, the crash or the missing spaces?

I turned off inline spell checking and the spaces still don't appear.
Do you want me to take out the patch as well?

Comment 11

12 years ago
I'm saying the missing spaces is a separate bug, and is an editor bug, not related to inline spell-checking (and is already filed, I'm pretty sure)


12 years ago
Attachment #213357 - Flags: superreview?(mscott) → superreview+


12 years ago
Last Resolved: 12 years ago
Keywords: fixed1.8.1
Resolution: --- → FIXED

Comment 12

12 years ago
*** Bug 345726 has been marked as a duplicate of this bug. ***
I can see this problem in Thunderbird When you compose a message and add a smiley, you cannot type spaces immediately after the smiley.