Closed Bug 330507 Opened 19 years ago Closed 19 years ago

Crash when clearing a quick search during a LDAP search.

Categories

(MailNews Core :: Address Book, defect)

Product:
MailNews Core
Component:
Address Book
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

(Not tracked)

Status:
RESOLVED FIXED

People

(Reporter: standard8, Assigned: Bienvenu)

References

(
URL
)

Details

(Keywords: fixed1.8.1, verified1.8.1.3)

Attachments

(2 files, 3 obsolete files)

proposed fix
4.28 KB, patch
standard8
: review+
mscott
: superreview+
Details | Diff | Splinter Review
fix one more case
5.06 KB, patch
standard8
: review+
Details | Diff | Splinter Review
Go into the address book window and start a quick search (preferably returning lots of results) and then cancel it whilst the search is still running -> crash. It crashes at this line: http://bonsai.mozilla.org/cvsblame.cgi?file=mozilla/mailnews/addrbook/src/nsAbLDAPDirectoryQuery.cpp&rev=1.33&mark=554#554 If I back out David's patch on bug 206018 this works fine (although may cause other problems looking at that bug) - its because mDirectoryQuery becomes a pointer to nowhere. Investigating a little further it seems that this section: http://bonsai.mozilla.org/cvsblame.cgi?file=mozilla/mailnews/addrbook/src/nsAbLDAPDirectoryQuery.cpp&rev=1.33&mark=204-213#198 should be preventing the address book getting to the crash line but I think for some reason, this section either isn't being set up or something. Hopefully we can come up with a better fix to sort both of these issues.
Requesting blocking thunderbird 2 - we shouldn't ship with a crash like this and the fix should be reasonably simple.
Flags: blocking-thunderbird2?
Flags: blocking-thunderbird2? → blocking-thunderbird2+
>the fix should be reasonably simple :-) That has not been my experience. My change in bug 206018 may have caused the problem, or just exposed it - without that change, nothing was ever getting freed, which would hide a multitude of sins. One thing to check is if the assertion I made in that bug is valid, to wit: ldapdirectoryquery strictly owns the listener. I'll try to recreate this - I wish I had a working Purify again...
I was able to recreate the crash. nsAbDirSearchListener has a pointer, not a reference, to mSearchContext - the mSearchContext is the object that's been deleted. That object is an nsAbLDAPDirectory, if I'm reading the code right...that can't be right...
This code alway confuses me - iirc, there are multiple nsIAbdirectory objects/rdf resources - one for the directory itself, and one for the search query that's running. It's the latter that's getting deleted, before the nsAbQueryLDAPMessageListener has finished. I'm not sure what cancelling the quick search actually does, because I don't seem to be hitting the cancel code I would expect...
Assignee: nobody → bienvenu
the first thing cancelling the search does is clear the mDirectory pointer in nsAbView, by replacing it with an mDirectory for the directory, not the search. That might be the last reference other than js refs that get gc'd away.
more info - we're never cancelling the ldap search in this case. We bail out of nsAbLDAPDirectory::StartSearch here: if (!mIsQueryURI || mQueryString.IsEmpty()) return NS_OK; We fail that test because cancelling the quick search just does a "search" over the whole directory. So the ldap query is never cancelled, and eventually, sometimes crashes (depending on whether the js gc causes the directory object to get freed before the query finishes). So I think the fix is to actually cancel the query. I'll try it out.
Status: NEW → ASSIGNED
Attached patch proposed fix (obsolete) — Splinter Review
Attachment #215331 - Flags: review?(bugzilla)
the basic premise is that the AbView owns the directoryQuery at this point, and if it's going to create a new directoryQuery, it should cancel the previous directoryQuery so that it can clean up after itself.
Attached patch proposed fixSplinter Review
OK, I've basically backed out the change that caused this crash and fixed that bug an other way, by breaking the cycle with the listener, in the OnSearchFinished notification...
Attachment #215331 - Attachment is obsolete: true
Attachment #215712 - Flags: review?
Attachment #215331 - Flags: review?(bugzilla)
oops, ignore the nsAbView change - I'm removing that...
Comment on attachment 215712 [details] [diff] [review] proposed fix r=me assuming you don't check in the nsAbView.cpp change. This does appear to fix the crash, and I can't see any further regressions with this fix in place.
Attachment #215712 - Flags: review? → review+
Attachment #215712 - Flags: superreview?(mscott)
Comment on attachment 215712 [details] [diff] [review] proposed fix without the abview change of course.
Attachment #215712 - Flags: superreview?(mscott) → superreview+
After removing the abview change, I crash frequently with the remaining changes on the trunk - the ldap connection gets closed, which it shouldn't - we should be re-using the same connection. And when the ldap connection goes away, that causes strange crashes down the road, when the address book is closed. I'm going to see if cancelling the query (the abview change) makes the crashes and extra connections go away, which would be a bit counter-intuitive, but I didn't see those before.
I'm not seeing the strange crash I was seeing before, but I am seeing connections getting closed. Time to dive into this again.
we were still closing connections w/o this patch, so I think I'm going to go with this patch for now on trunk and 1.8 branch
Could this have broken Super DragAndGo (search function)? I'm using userChrome.js extension with the Drag'n'go code snippet. http://forums.mozillazine.org/viewtopic.php?t=397735&postdays=0&postorder=asc&postsperpage=15& When I select a word, drag it away and release it, it only throws and error instead of doing a search: Error: Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsIStringBundle.GetStringFromName] Source file: XStringBundle Line: 17 Some patch checked in between 1.9a1_2006062921 and 1.9a1_2006063014 broke it. I'm just trying to find out what patch caused this.
this change should have nothing to do with the super drag and drop error.
OK, the checked in fix has issues. It's now possible to get multiple threads going against the same nsLDAPConnection object, which causes a crash, if you do quick search in the ab view. By nulling out mListener in OnSearchFinished, we cause nsAbLDAPDirectoryQuery::DoQuery to re-init the nsLDAPConnection object, which makes it spin up a new thread. I'll have to think about how to fix this.
Attached patch proposed fix (obsolete) — Splinter Review
instead of clearing listener to break cycle at end of search, just don't hold a reference to the ldap connection, so there's no cycle to begin with.
Attachment #243490 - Flags: superreview?(mscott)
Attachment #243490 - Flags: review?(bugzilla)
with this patch, I verified that we're still cleaning up ldap connections when the address book is closed...
Attachment #243490 - Flags: superreview?(mscott) → superreview+
Comment on attachment 243490 [details] [diff] [review] proposed fix clearing request - this introduces a crash if you close the address book while an ldap search is going on. The directory the mListener points to gets deleted. mListener might want a weak ref to the directory...or else we should somehow clear the directory pointer from the listener when the directory gets closed...a weak ref is probably the way to go...
Attachment #243490 - Attachment is obsolete: true
Attachment #243490 - Flags: review?(bugzilla)
also, I should say - for 2.0, the problem is that we never close the ldap connections - it doesn't have this patch, per se.
Attachment #244127 - Flags: review?(bugzilla)
that patch makes nsAbLDAPDirectoryQuery null out the nsAbQueryLDAPMessageListener's mDirectoryQuery pointer when the nsAbLDAPDirectoryQuery gets destroyed. And it makes nsAbQueryLDAPMessageListener check if the pointer is null in a few places, to avoid a crash.
Standard8, that patch is for the 2.0 branch.
Comment on attachment 244127 [details] [diff] [review] fix for leaking connections that doesn't crash for the trunk, this fixes the crash closing the ab view while a search is still going on.
Attachment #244127 - Flags: superreview?(mscott)
Attachment #244127 - Flags: superreview?(mscott) → superreview+
https://bugzilla.mozilla.org/attachment.cgi?id=244127 is for the 2.0 branch - on the 2.0 branch, we still leak connections. What I meant to say was that a very similar change on the trunk will fix the crash when you close the ab window while an ldap query is going on, i.e., part of that patch.
Mark, this might fix the crash you saw - we were getting into js gc which was clearing out the directory query out from under the listener. If I null out the search context as well, and check for that, that fixes one last crash. This patch is also for 2.0, though it will need to go on the trunk as well.
Attachment #244127 - Attachment is obsolete: true
Attachment #244265 - Flags: review?(bugzilla)
Attachment #244127 - Flags: review?(bugzilla)
Blocks: 351642
Comment on attachment 244265 [details] [diff] [review] fix one more case Ok, this seems to work fine now. The code looks reasonable as well.
Attachment #244265 - Flags: review?(bugzilla) → review+
fixed on branch
Keywords: fixed1.8.1
fixed on trunk.
Status: ASSIGNED → RESOLVED
Closed: 19 years ago
Resolution: --- → FIXED
*** Bug 351642 has been marked as a duplicate of this bug. ***
No longer blocks: 351642
Thunderbird 2.0.0.0; version 2.0.0.0 (20070326) does not crash when canceling an address book search, or when closing the address book window. Adding verified1.8.1.3 keyworkd.
Keywords: verified1.8.1.3
Product: Core → MailNews Core
See Also: → https://launchpad.net/bugs/42604
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: